CVE-2011-3491

Progea Movicon/PowereHMI <11.2.1085 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3491.

AI-analyzed exploit summary The document details three memory corruption vulnerabilities in Progea Movicon/PowerHMI SCADA/HMI software, including heap overflows via negative Content-Length fields and buffer overflows in HTTP request handling. It provides technical analysis and references external PoC files for exploitation.

Description

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/17842

The document details three memory corruption vulnerabilities in Progea Movicon/PowerHMI SCADA/HMI software, including heap overflows via negative Content-Length fields and buffer overflows in HTTP request handling. It provides technical analysis and references external PoC files for exploitation.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Progea Movicon / PowerHMI <= 11.2.1085
No auth needed
Prerequisites: Network access to target port 808 or 12233
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69787
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/75494

Scores

EPSS 0.1703
EPSS Percentile 96.7%

Details

CWE
CWE-119
Status published
Products (3)
progea/movicon_powerhmi 11
progea/movicon_powerhmi 11.0.1017
progea/movicon_powerhmi < 11.2.1085
Published Sep 16, 2011
Tracked Since Feb 18, 2026