CVE-2017-14019

28 Oct 2017

[ICS] Progea Movicon SCADA/HMI Vulnerabilities

Vendor: Progea
Equipment: Movicon SCADA/HMI
Vulnerability: Uncontrolled Search Path Element, Unquoted Search Path or Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-290-01

CVE-ID
CVE-2017-14017
CVE-2017-14019

AFFECTED PRODUCTS
The following versions of Movicon HMI, an HMI software platform, are affected:

  • Movicon Version 11.5.1181 and prior.

 

IMPACT
Successful exploitation of these vulnerabilities could allow privilege escalation or arbitrary code execution.

Read on for details.

Read more