CVE-2011-2963

Progea Movicon - Authentication Bypass

Title source: rule

Description

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · pythonremotewindows

https://www.exploit-db.com/exploits/17034

View Code ZIP pw:eip

References (5)

[Exploit] http://www.exploit-db.com/exploits/17034

[Exploit] http://www.securityfocus.com/bid/46907

[Patch, US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf

[Patch, US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf

[Third Party Advisory, VDB Entry] http://www.osvdb.org/72888

Scores

EPSS 0.1987

EPSS Percentile 95.3%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

progea/movicon

Timeline

Published Jul 29, 2011

Tracked Since Feb 18, 2026