Description
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
Exploits (1)
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://aluigi.altervista.org/adv/movicon_3-adv.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69789
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-256-01.pdf
Scores
EPSS
0.5492
EPSS Percentile
98.1%
Details
CWE
CWE-119
Status
published
Products (3)
progea/movicon_powerhmi
11
progea/movicon_powerhmi
11.0.1017
progea/movicon_powerhmi
< 11.2.1085
Published
Sep 16, 2011
Tracked Since
Feb 18, 2026