VYPR
Vendor

Progea

Products
3
CVEs
8
Across products
11
Status
Private

Products

3

Recent CVEs

8
  • CVE-2017-14017HigOct 19, 2017
    risk 0.51cvss 7.8epss 0.01

    An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An uncontrolled search path element vulnerability has been identified, which may allow a remote attacker without privileges to execute arbitrary code in the form of a…

  • CVE-2017-14019MedOct 19, 2017
    risk 0.44cvss 6.7epss 0.00

    An Unquoted Search Path or Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to insert arbitrary code into the unquoted service path and…

  • CVE-2011-3499Sep 16, 2011
    risk 0.04cvss epss 0.16

    Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.

  • CVE-2011-3498Sep 16, 2011
    risk 0.04cvss epss 0.10

    Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.

  • CVE-2011-3491Sep 16, 2011
    risk 0.04cvss epss 0.17

    Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.

  • CVE-2011-2963Jul 29, 2011
    risk 0.04cvss epss 0.08

    TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not require authentication for critical functions, which allows remote attackers to obtain sensitive information, delete files, execute arbitrary programs, or cause a denial of service (crash) via a crafted packet…

  • CVE-2014-0778Apr 19, 2014
    risk 0.00cvss epss 0.01

    TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While this is a minor vulnerability, it represents a method for further network …

  • CVE-2012-1804May 14, 2012
    risk 0.00cvss epss 0.03

    The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request.