There is a memory corruption vulnerability in the Progea Movicon application that a remote attacker can exploit.
ICS-CERT coordinated these vulnerabilities with Progea, which produced a new version (V11.3) that resolves the reported vulnerability. Dillon Beresford of IXIA, who reported the vulnerability, tested the new version and confirms that it resolves the vulnerability.
Progea said the Movicon versions prior to 11.3 suffer from the vulnerability. An attacker can cause the server to read an invalid memory address resulting in a denial of service.
Progea Srl is an Italian company that offers SCADA products deployed primarily in Europe, India, and the United States. The energy, water, critical manufacturing, and several other industry sectors use the product line.
Movicon 11 is an XML-based human-machine interface development system that includes drivers for programmable logic controllers (PLCs). Movicon provides OPC-based connectivity for data transfer, including OPC DA and OPC XML DA services.
Movicon suffers from an out-of-bounds read vulnerability that an attacker can exploit by sending a specially crafted HTTP POST request to the Movicon OPC server (default Port 9090/TCP). The request will result in a denial of service.
CVE-2012-1804 is the number assigned to this vulnerability, which has a CVSS V2 base score of 7.8.
To resolve this issue, Progea recommends installing the new version of Movicon. The user must register to access the new version.