CVE-2011-3498

Progea Movicon/PowereHMI <11.2.1085 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3498.

AI-analyzed exploit summary The writeup details three distinct heap overflow vulnerabilities in Progea Movicon/PowerHMI SCADA software, affecting HTTP request handling on port 808 and an 'EIDP' protocol on port 12233. It includes technical analysis of memory corruption via negative Content-Length fields and arbitrary null-byte writes, with references to external PoC files.

Description

Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/17842

The writeup details three distinct heap overflow vulnerabilities in Progea Movicon/PowerHMI SCADA software, affecting HTTP request handling on port 808 and an 'EIDP' protocol on port 12233. It includes technical analysis of memory corruption via negative Content-Length fields and arbitrary null-byte writes, with references to external PoC files.

Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Progea Movicon / PowerHMI <= 11.2.1085
No auth needed
Prerequisites: Network access to target's port 808 or 12233 · Target running a Movicon project
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69788

Scores

EPSS 0.1026
EPSS Percentile 95.1%

Details

CWE
CWE-119
Status published
Products (3)
progea/movicon_powerhmi 11
progea/movicon_powerhmi 11.0.1017
progea/movicon_powerhmi < 11.2.1085
Published Sep 16, 2011
Tracked Since Feb 18, 2026