CVE-2011-3491

Progea Movicon/PowereHMI <11.2.1085 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

Exploits (1)

exploitdb WRITEUP

doswindows

https://www.exploit-db.com/exploits/17842

View Code ZIP pw:eip

References (4)

[Exploit] http://aluigi.altervista.org/adv/movicon_1-adv.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/75494

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69787

Scores

EPSS 0.1913

EPSS Percentile 95.4%

Details

CWE

CWE-119

Status published

Products (3)

progea/movicon_powerhmi 11

progea/movicon_powerhmi 11.0.1017

progea/movicon_powerhmi < 11.2.1085

Published Sep 16, 2011

Tracked Since Feb 18, 2026