CVE-2011-3491 - Buffer Errors vulnerability in Progea Movicon Powerhmi 11/11.0.1017/11.2.1085

Publication

2011-09-16

Last modification

2017-08-29

Summary

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

Description

Movicon is prone to multiple heap-based buffer-overflow vulnerabilities and a denial-of-service vulnerability.Remote attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.Movicon 11.2 Build 1085 is vulnerable; other versions may also be affected.

Solution

Vendor updates are available. Please contact the vendor for more information.

Exploit

The following example input and exploit code are available: /data/vulnerabilities/exploits/49605.zip

Classification

CWE-119 - Buffer Errors

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Progea Movicon Powerhmi  11.2.1085 , 11 , 11.0.1017