Patch Out for Movicon HMI

Wednesday, October 26, 2011 @ 09:10 PM gHale


There is now a hotfix mitigating two buffer overflow vulnerabilities and one memory corruption vulnerability affecting Progea’s Movicon PowerHMI product.

The following products suffered from the vulnerabilities:
• Progea Movicon 11.2.1085.3 and earlier.
• Progea Movicon PowerHMI 11.2.1085 and earlier.

Each of these vulnerabilities was remotely exploitable to cause denial of service, system crash, or execution of arbitrary code.

Progea Srl is an Italian company that offers SCADA products, deployed primarily in Europe, India, and the United States. They see use in the energy, water, and critical manufacturing sectors.

Movicon 11 is an XML-based HMI development system that includes drivers for programmable logic controllers (PLCs). Movicon provides OPC-based connectivity for data transfer, including OPC DA and OPC XML DA services.

A heap-based buffer overflow allows remote attackers to use an HTTP request on Port 808/TCP to cause a denial of service and possibly execute arbitrary code via a negative content-length field. The vulnerability has a CVE-2011-3491 designation. It also has a CVSS v2 base score of 10.0.
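The bug class behind a negative Content-Length overflow, shown as an added example that is not Progea's code: a signed parse with only an upper-bound check accepts "-1", while a digits-only parser with a cap rejects it. `MAX_BODY`, `naive_accepts` and `parse_content_length` are hypothetical names, and the flawed check is an assumed illustration of the pattern, not the product's actual logic.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY 65536L /* assumed body-size cap for this example */

/* Flawed pattern (assumed, for illustration): signed parse plus an
 * upper-bound-only check. "-1" yields len = -1, which is below MAX_BODY,
 * so it is accepted; cast to size_t for a copy it becomes SIZE_MAX. */
int naive_accepts(const char *value)
{
    long len = strtol(value, NULL, 10);
    return len < MAX_BODY;
}

/* Hardened form: digits only (no sign, no whitespace), bounded while
 * accumulating. Returns 0 and stores the length, or -1 on rejection. */
int parse_content_length(const char *value, size_t *out)
{
    size_t len = 0;

    if (value == NULL || out == NULL || *value == '\0')
        return -1;
    for (const char *p = value; *p != '\0'; p++) {
        if (!isdigit((unsigned char)*p))
            return -1; /* rejects '-', '+', spaces, hex prefixes */
        len = len * 10 + (size_t)(*p - '0');
        if (len > (size_t)MAX_BODY)
            return -1; /* stop long before the accumulator can wrap */
    }
    *out = len;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not captured traffic. */
    const char *samples[] = { "1024", "-1", "65537", " 12", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        printf("\"%s\": naive=%d hardened=%d\n", samples[i],
               naive_accepts(samples[i]),
               parse_content_length(samples[i], &n));
    }
    return 0;
}
```

The same cap also bounds how much body data the server will buffer for a single request.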

A heap-based buffer overflow allows remote attackers to use an HTTP request on Port 808/TCP to cause a denial of service and possibly execute arbitrary code via a long request. This vulnerability has a CVE-2011-3498 designation. It also has a CVSS v2 base score of 10.0.

The memory corruption vulnerability allows remote attackers, using an HTTP request on Port 808/TCP and the EIDP protocol on Port 12233/TCP, to cause a denial of service and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location. CVE-2011-3499 is the designation. Like the others, it has a CVSS v2 base score of 10.0.

There is a public exploit targeting these vulnerabilities. An attacker with a low skill level can create a denial of service attack, but a skilled attacker would be able to execute arbitrary code.

Progea has developed and released a hotfix to address these vulnerabilities.

The Progea support group provides instructions to aid in the installation of the hotfix.


