Progea Movicon SCADA Information Disclosure Vulnerability
Low Risk · ICS-CERT ICSA-14-105-01 · Jan 16, 2014
Summary
Progea Movicon SCADA contains an information disclosure vulnerability that allows an unauthenticated remote attacker to read sensitive data. Versions prior to 11.4 Build 1150 are affected; 11.4 Build 1150 is the fixed release.
What this means
What could happen
An attacker could read sensitive information stored in or transmitted by a Movicon SCADA system: operational data, configuration details, or credentials that could later be used to gain control of the monitored process.
Who's at risk
Energy sector organizations running Progea Movicon SCADA systems should evaluate this risk. Movicon is commonly used for supervisory control and data acquisition in power generation, distribution, and other critical energy infrastructure. This affects any facility using Movicon versions prior to 11.4 Build 1150.
How it could be exploited
An attacker with network access to a Movicon SCADA system could exploit the flaw to retrieve sensitive data without authenticating or being authorized. No code execution is required; the attacker only needs to be able to send requests to the affected service.
Prerequisites
- Network access to the Movicon SCADA application or its communication ports
- Movicon version prior to 11.4 Build 1150 running in the environment
Tags: remotely exploitable · information disclosure · fixed in 11.4 Build 1150 · affects energy sector critical infrastructure
Exploitability
EPSS score 1.6% (moderate probability of exploitation in the wild)
Affected products (1)
Product          Affected Versions      Fix Status
Progea Movicon   < 11.4 Build 1150      11.4 Build 1150
Remediation & Mitigation
Do now
HARDENING: Implement strict network segmentation so that Movicon SCADA systems are reachable only from the networks and users that need them.
HARDENING: Deploy firewall rules that restrict inbound connections to Movicon systems to the administrative and engineering workstations that require access.
HARDENING: Review the Movicon versions currently deployed and document every system running an affected version (< 11.4 Build 1150).
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption.
HOTFIX: Plan the upgrade of affected systems to Movicon 11.4 Build 1150 or later, following change management procedures and scheduled maintenance windows.
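The inventory review and the upgrade planning steps above both hinge on deciding, per host, whether its Movicon build is older than 11.4 Build 1150. The script below is an added example for this page (not Progea's or ICS-CERT's code) that triages a constructed host inventory against that fixed build. The inventory format (one `host,version` line per system), the hostnames and the version strings are all assumptions made for illustration; the only fact taken from the advisory is the fixed build number. It also shows why the comparison must be numeric: compared as strings, "11.4 Build 980" sorts after "11.4 Build 1150", and an unparseable version is flagged for manual review rather than silently treated as fixed.

```python
"""Triage a Movicon host inventory against the fixed build (11.4 Build 1150).

Added example for this advisory page; not Progea's code. The inventory
format (hostname,version per line), the hostnames and the sample version
strings are constructed for illustration.
"""
from __future__ import annotations

import re
from typing import NamedTuple, Optional

FIXED = (11, 4, 1150)  # first fixed release named by the advisory

# Accepts "11.4 Build 1150", "11.4_Build_1150", "v11.4 build 1150", ...
_VERSION_RE = re.compile(
    r"^\s*v?(?P<major>\d+)\.(?P<minor>\d+)[\s_]+build[\s_]+(?P<build>\d+)\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Return (major, minor, build) or None when the string is not parseable.

    Comparing the numeric tuple avoids the string-comparison trap: as strings,
    "11.4 Build 980" sorts after "11.4 Build 1150" because "9" > "1", and
    "11.10" sorts before "11.4".
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return (int(m["major"]), int(m["minor"]), int(m["build"]))


def is_affected(version: str) -> Optional[bool]:
    """True if older than the fixed build, False if fixed or newer, None if unknown."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed < FIXED


class Finding(NamedTuple):
    host: str
    version: str
    status: str  # "AFFECTED", "FIXED" or "REVIEW"


def triage_inventory(inventory: str) -> list[Finding]:
    """Classify each 'host,version' line; blank lines and '#' comments are skipped.

    Unparseable versions are reported as REVIEW rather than treated as fixed,
    so a host with a missing or odd version string is not lost from the list.
    """
    findings = []
    for line in inventory.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        affected = is_affected(version.strip())
        status = "REVIEW" if affected is None else ("AFFECTED" if affected else "FIXED")
        findings.append(Finding(host.strip(), version.strip(), status))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hosts per status for the patch plan."""
    counts = {"AFFECTED": 0, "FIXED": 0, "REVIEW": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = """\
# host,movicon_version
hmi-sub-01,11.4 Build 1150
hmi-sub-02,11.4 Build 980
hmi-turbine-01,11.3 Build 1120
hmi-turbine-02,11.4_Build_1150
eng-ws-01,11.5 Build 1000
hmi-legacy-01,11.2
"""


if __name__ == "__main__":
    results = triage_inventory(SAMPLE_INVENTORY)
    for f in results:
        print(f"{f.status:8} {f.host:16} {f.version}")
    print(summarize(results))
```

Hosts marked AFFECTED go on the upgrade list for the maintenance window; hosts marked REVIEW need their version confirmed on the console before they can be excluded, since a missing build number is exactly the case where a naive check would wrongly report "not affected".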
CVEs (1)
API: /api/v1/advisories/1ed82cbf-056e-49ac-ba95-fff600025d27