Details of VAR-201404-0550

ID

VAR-201404-0550

CVE

CVE-2014-0778

TITLE

Progea Movicon Information Disclosure Vulnerability

Trust: 1.0

sources: IVD: 0f1d93f6-2352-11e6-abef-000c29c66e3d // IVD: 7d742b41-463f-11e9-aaf2-000c29342cb1 // CNVD: CNVD-2014-02544

DESCRIPTION

TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While this is a minor vulnerability, it represents a method for further network reconnaissance. Progea Movicon of TCPUploade The module contains a vulnerability that allows important version information to be obtained.By a third party TCP port 10651 You may get important information through network traffic to. Movicon is an industrial monitoring software developed by the Italian automation software provider PROGEA (Scada/HMI). Progea Movicon is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Progea Movicon 11.4 prior to Build 1150 are vulnerable

Trust: 2.79

sources: NVD: CVE-2014-0778 // JVNDB: JVNDB-2014-002190 // CNVD: CNVD-2014-02544 // BID: 66934 // IVD: 0f1d93f6-2352-11e6-abef-000c29c66e3d // IVD: 7d742b41-463f-11e9-aaf2-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.0

sources: IVD: 0f1d93f6-2352-11e6-abef-000c29c66e3d // IVD: 7d742b41-463f-11e9-aaf2-000c29342cb1 // CNVD: CNVD-2014-02544

AFFECTED PRODUCTS

vendor:	progea	model:	movicon	scope:	eq	version:	11.4	Trust: 1.6
vendor:	progea srl	model:	movicon	scope:	eq	version:	11.4.1150	Trust: 0.8
vendor:	progea srl	model:	movicon	scope:	lt	version:	11.4	Trust: 0.8
vendor:	progea	model:	movicon	scope:	-	version:	-	Trust: 0.6
vendor:	movicon	model:	-	scope:	eq	version:	11.4	Trust: 0.4
vendor:	progea	model:	movicon	scope:	eq	version:	11.3	Trust: 0.3
vendor:	progea	model:	movicon	scope:	eq	version:	11.2.1085.4	Trust: 0.3
vendor:	progea	model:	movicon	scope:	eq	version:	11.2.1085.3	Trust: 0.3
vendor:	progea	model:	movicon build	scope:	eq	version:	11.21085	Trust: 0.3
vendor:	progea	model:	movicon build	scope:	eq	version:	11.21084	Trust: 0.3
vendor:	progea	model:	movicon	scope:	eq	version:	11.2	Trust: 0.3
vendor:	progea	model:	movicon build	scope:	ne	version:	11.41150	Trust: 0.3

sources: IVD: 0f1d93f6-2352-11e6-abef-000c29c66e3d // IVD: 7d742b41-463f-11e9-aaf2-000c29342cb1 // CNVD: CNVD-2014-02544 // BID: 66934 // CNNVD: CNNVD-201404-388 // JVNDB: JVNDB-2014-002190 // NVD: CVE-2014-0778

CVSS

SEVERITY

CVSSV2

CVSSV3

ics-cert@hq.dhs.gov:	CVE-2014-0778
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2014-0778
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-0778
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-02544
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201404-388
value:	MEDIUM
Trust: 0.6
IVD:	0f1d93f6-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
IVD:	7d742b41-463f-11e9-aaf2-000c29342cb1
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2014-0778
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2014-0778
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2014-02544
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	0f1d93f6-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
IVD:	7d742b41-463f-11e9-aaf2-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 0f1d93f6-2352-11e6-abef-000c29c66e3d // IVD: 7d742b41-463f-11e9-aaf2-000c29342cb1 // CNVD: CNVD-2014-02544 // CNNVD: CNNVD-201404-388 // JVNDB: JVNDB-2014-002190 // NVD: CVE-2014-0778 // NVD: CVE-2014-0778

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2014-002190 // NVD: CVE-2014-0778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201404-388

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201404-388

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002190

PATCH

title:	Top Page	url:	http://www.progea.com/	Trust: 0.8
title:	Progea Movicon patch for information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45065	Trust: 0.6

sources: CNVD: CNVD-2014-02544 // JVNDB: JVNDB-2014-002190

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0778	Trust: 3.7
db:	ICS CERT	id:	ICSA-14-105-01	Trust: 3.3
db:	CNVD	id:	CNVD-2014-02544	Trust: 1.0
db:	CNNVD	id:	CNNVD-201404-388	Trust: 1.0
db:	BID	id:	66934	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-002190	Trust: 0.8
db:	SECUNIA	id:	57980	Trust: 0.6
db:	IVD	id:	0F1D93F6-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	7D742B41-463F-11E9-AAF2-000C29342CB1	Trust: 0.2

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-105-01	Trust: 3.3
url:	http://www.progea.com/it-it/downloads/software.aspx	Trust: 1.3
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0778	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0778	Trust: 0.8
url:	http://secunia.com/advisories/57980	Trust: 0.6

sources: CNVD: CNVD-2014-02544 // BID: 66934 // CNNVD: CNNVD-201404-388 // JVNDB: JVNDB-2014-002190 // NVD: CVE-2014-0778

CREDITS

Celil ?nüver of SignalSEC Ltd

Trust: 0.3

sources: BID: 66934

SOURCES

db:	IVD	id:	0f1d93f6-2352-11e6-abef-000c29c66e3d
db:	IVD	id:	7d742b41-463f-11e9-aaf2-000c29342cb1
db:	CNVD	id:	CNVD-2014-02544
db:	BID	id:	66934
db:	CNNVD	id:	CNNVD-201404-388
db:	JVNDB	id:	JVNDB-2014-002190
db:	NVD	id:	CVE-2014-0778

LAST UPDATE DATE

2025-09-25T23:26:26.777000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-02544	date:	2014-04-21T00:00:00
db:	BID	id:	66934	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-388	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-002190	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-0778	date:	2025-09-24T22:15:34.967

SOURCES RELEASE DATE

db:	IVD	id:	0f1d93f6-2352-11e6-abef-000c29c66e3d	date:	2014-04-21T00:00:00
db:	IVD	id:	7d742b41-463f-11e9-aaf2-000c29342cb1	date:	2014-04-21T00:00:00
db:	CNVD	id:	CNVD-2014-02544	date:	2014-04-21T00:00:00
db:	BID	id:	66934	date:	2014-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201404-388	date:	2014-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-002190	date:	2014-04-23T00:00:00
db:	NVD	id:	CVE-2014-0778	date:	2014-04-19T19:55:07.200