CVE-2011-2963

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
progeamovicon
11.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/17034
http://www.osvdb.org/72888
http://www.securityfocus.com/bid/46907
http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf
http://www.exploit-db.com/exploits/17034
http://www.osvdb.org/72888
http://www.securityfocus.com/bid/46907
http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-11-056-01A.pdf