Unauthenticated Remote Code Execution and Denial of Service in Progea Movicon 11.2

Unauthenticated Remote Code Execution and Denial of Service in Progea Movicon 11.2

CVE-2011-2963 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet to TCP port 10651.

Learn more about our Cis Benchmark Audit For Server Software.