Sign-up

ID

VAR-201107-0263


CVE

CVE-2011-2963


TITLE

Progea Movicon of TCPUploadServer.exe Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2011-003492

DESCRIPTION

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651. Progea Movicon is a new generation of automated monitoring software. A vulnerability exists in TCPUploadServer.exe provided by Progea Movicon that allows remote unauthenticated hosts to execute arbitrary commands on the server. The attacker sends a specially crafted message to the server TCP port 10651, which allows the system to respond to the OS version and driver information. In addition, an attacker sending a specially crafted message can cause the file to be deleted or the server to crash. Progea Movicon is prone to a security-bypass vulnerability. An attacker can exploit this issue to perform unauthorized actions, obtain sensitive information, and cause denial-of-service conditions. Versions prior to Movicon 11.2 Build 1084 are vulnerable

Trust: 2.79

sources: NVD: CVE-2011-2963 // JVNDB: JVNDB-2011-003492 // CNVD: CNVD-2011-1214 // BID: 46907 // IVD: c25a1730-2354-11e6-abef-000c29c66e3d // IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 1.0

sources: IVD: c25a1730-2354-11e6-abef-000c29c66e3d // IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1214

AFFECTED PRODUCTS

vendor:progeamodel:moviconscope:eqversion:11.2

Trust: 2.5

vendor:progea srlmodel:moviconscope:ltversion:11.2

Trust: 0.8

vendor:progea srlmodel:moviconscope:eqversion:build 1084

Trust: 0.8

vendor:moviconmodel: - scope:eqversion:11.2

Trust: 0.4

vendor:progeamodel:movicon buildscope:neversion:11.21084

Trust: 0.3

sources: IVD: c25a1730-2354-11e6-abef-000c29c66e3d // IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1214 // BID: 46907 // JVNDB: JVNDB-2011-003492 // CNNVD: CNNVD-201107-460 // NVD: CVE-2011-2963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2963
value: HIGH

Trust: 1.0

NVD: CVE-2011-2963
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-460
value: CRITICAL

Trust: 0.6

IVD: c25a1730-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-2963
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: c25a1730-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: c25a1730-2354-11e6-abef-000c29c66e3d // IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003492 // CNNVD: CNNVD-201107-460 // NVD: CVE-2011-2963

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2011-003492 // NVD: CVE-2011-2963

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-460

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201107-460

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003492

PATCH
title:Top Pageurl:http://www.progea.com
Trust: 0.8
title:Progea Movicon 'TCPUploadServer.exe' security bypass vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/3376
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-1214 // 
            
            
            
            JVNDB: JVNDB-2011-003492

EXTERNAL IDS
db:NVDid:CVE-2011-2963
Trust: 3.1
db:BIDid:46907
Trust: 2.5
db:ICS CERTid:ICSA-11-056-01A
Trust: 2.4
db:ICS CERTid:ICSA-11-056-01
Trust: 1.9
db:EXPLOIT-DBid:17034
Trust: 1.6
db:OSVDBid:72888
Trust: 1.6
db:CNNVDid:CNNVD-201107-460
Trust: 1.0
db:CNVDid:CNVD-2011-1214
Trust: 0.8
db:JVNDBid:JVNDB-2011-003492
Trust: 0.8
db:IVDid:C25A1730-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:IVDid:9B4EA056-1F9A-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: c25a1730-2354-11e6-abef-000c29c66e3d // 
            
            
            
            IVD: 9b4ea056-1f9a-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2011-1214 // 
            
            
            
            BID: 46907 // 
            
            
            
            JVNDB: JVNDB-2011-003492 // 
            
            
            
            CNNVD: CNNVD-201107-460 // 
            
            
            
            NVD: CVE-2011-2963

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-056-01a.pdf
Trust: 2.4
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-056-01.pdf
Trust: 1.9
url:http://www.securityfocus.com/bid/46907
Trust: 1.6
url:http://www.osvdb.org/72888
Trust: 1.6
url:http://www.exploit-db.com/exploits/17034
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2963
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2963
Trust: 0.8
url:http://www.securityfocus.com/bid/46907http
Trust: 0.6
url:http://www.progea.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2011-1214 // 
            
            
            
            BID: 46907 // 
            
            
            
            JVNDB: JVNDB-2011-003492 // 
            
            
            
            CNNVD: CNNVD-201107-460 // 
            
            
            
            NVD: CVE-2011-2963

CREDITS
Jeremy Brown
Trust: 0.3
sources:
            
            
            BID: 46907

SOURCES
db:IVDid:c25a1730-2354-11e6-abef-000c29c66e3d
db:IVDid:9b4ea056-1f9a-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-1214
db:BIDid:46907
db:JVNDBid:JVNDB-2011-003492
db:CNNVDid:CNNVD-201107-460
db:NVDid:CVE-2011-2963

LAST UPDATE DATE
2025-04-11T23:08:57.694000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2011-1214date:2011-03-24T00:00:00
db:BIDid:46907date:2015-04-13T20:01:00
db:JVNDBid:JVNDB-2011-003492date:2011-12-22T00:00:00
db:CNNVDid:CNNVD-201107-460date:2011-08-04T00:00:00
db:NVDid:CVE-2011-2963date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:c25a1730-2354-11e6-abef-000c29c66e3ddate:2011-07-29T00:00:00
db:IVDid:9b4ea056-1f9a-11e6-abef-000c29c66e3ddate:2011-03-24T00:00:00
db:CNVDid:CNVD-2011-1214date:2011-03-24T00:00:00
db:BIDid:46907date:2011-03-15T00:00:00
db:JVNDBid:JVNDB-2011-003492date:2011-12-22T00:00:00
db:CNNVDid:CNNVD-201107-460date:2011-07-29T00:00:00
db:NVDid:CVE-2011-2963date:2011-07-29T19:55:04.437