CVE-2011-3499

Progea Movicon / PowerHMI <11.2.1085 - DoS/Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3499. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The writeup details multiple memory corruption vulnerabilities in Progea Movicon/PowerHMI SCADA/HMI software, including heap overflows via negative Content-Length fields and arbitrary memory writes through malformed EIDP protocol packets. Exploits are provided as external binary files for remote execution.

Description

Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.

Exploits (1)

exploitdb WRITEUP
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/17842

The writeup details multiple memory corruption vulnerabilities in Progea Movicon/PowerHMI SCADA/HMI software, including heap overflows via negative Content-Length fields and arbitrary memory writes through malformed EIDP protocol packets. Exploits are provided as external binary files for remote execution.

Classification
Writeup 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Progea Movicon / PowerHMI <= 11.2.1085
No auth needed
Prerequisites: Network access to target's port 808 or 12233 · Target running a Movicon project
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69789

Scores

EPSS 0.1590
EPSS Percentile 96.5%

Details

CWE
CWE-119
Status published
Products (3)
progea/movicon_powerhmi 11
progea/movicon_powerhmi 11.0.1017
progea/movicon_powerhmi < 11.2.1085
Published Sep 16, 2011
Tracked Since Feb 18, 2026