Progea Movicon Multiple Vulnerabilities
September 13, 2011 (updated October 21, 2011)
Luigi Auriemma has publicly disclosed the following
vulnerabilities in the Progea Movicon application.
Movicon is prone to two buffer overflow vulnerabilities and
one memory corruption vulnerability affecting Progea
Movicon's PowerHMI product.
Remote attackers can exploit these issues to execute
arbitrary code in the context of the application or cause
denial-of-service conditions.
Movicon 11.2 Build 1085 and earlier and Progea Movicon PowerHMI
11.2.1085 and earlier have been confirmed to be vulnerable.
SCADAhacker comment:
There was an additional disclosure,
"Movicon 'dwmapi.dll' DLL Loading Arbitrary Code
Execution Vulnerability",
that was released at the same time by Mister Teatime, and
was NOT mentioned in the ICS-CERT advisory, as it appeared
to be a software bug that was fixed by the vendor.
Information and links have been provided below.