Shodan
Vulnerabilities
Vulnerable Software
Progea:  Security Vulnerabilities
CVE-2017-14017
An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a malicious DLL file.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-10-19
CVE-2017-14019
An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate his or her privileges.
CVSS Score
6.7
EPSS Score
0.001
Published
2017-10-19
CVE-2014-0778
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-19
CVE-2012-1804
The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.
CVSS Score
7.8
EPSS Score
0.032
Published
2012-05-14
CVE-2011-3498
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
CVSS Score
10.0
EPSS Score
0.645
Published
2011-09-16
CVE-2011-3499
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
CVSS Score
10.0
EPSS Score
0.592
Published
2011-09-16
CVE-2011-3491
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.
CVSS Score
10.0
EPSS Score
0.305
Published
2011-09-16
CVE-2011-2963
TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
CVSS Score
10.0
EPSS Score
0.089
Published
2011-07-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved