Progea Movicon SCADA/HMI
Monitor · 6.8 · ICS-CERT ICSA-17-290-01 · Oct 17, 2017
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: Required
Summary
Progea Movicon SCADA/HMI versions 11.5.1181 and earlier contain improper neutralization vulnerabilities (CWE-427, CWE-428) in project file handling and code execution mechanisms. An authenticated user with high privilege can inject and execute arbitrary code on the Movicon server through manipulation of project files or application settings, potentially compromising the integrity of the SCADA/HMI system.
What this means
What could happen
An attacker with high-privilege access to a Movicon HMI could execute arbitrary code on the device, potentially altering process setpoints, stopping operations, or corrupting historian data in energy and manufacturing facilities.
Who's at risk
Energy utilities and manufacturing facilities running Movicon HMI version 11.5.1181 or earlier. This affects operators who rely on the HMI for process monitoring and control of critical infrastructure.
How it could be exploited
An attacker with high-privilege engineering credentials could inject malicious code or manipulate project files through the HMI interface. The attack requires high privilege (PR:H) and user interaction (UI:R), likely involving social engineering or account compromise to convince an operator or engineer to open a crafted file or configuration.
Prerequisites
- High-privilege account on Movicon HMI (engineering/administrative credentials)
- User interaction required (victim must open or import a malicious project/file)
- Network access to the Movicon server or direct local access
- remotely exploitable
- high-privilege credentials required (reduces exposure but privilege escalation is possible)
- user interaction required
- affects HMI/control interface
- no patch available
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| Movicon | ≤ 11.5.1181 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict HMI access to trusted engineering staff with high-privilege accounts; enforce strong password policies and multi-factor authentication where possible
- HARDENING: Implement network segmentation to isolate Movicon HMI from untrusted networks; restrict inbound access to port 80/443 (HTTP/HTTPS) from known engineering workstations only
- WORKAROUND: Disable remote access to Movicon HMI if not required for operations; if remote access is necessary, require VPN with multi-factor authentication
Mitigations - no patch available
Movicon has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Train operators and engineers not to open project files from untrusted sources and to verify authenticity before importing any configurations
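One way to make "verify authenticity before importing" a repeatable check is a pre-import gate that compares a project file against an approved hash manifest. This is an added example, not part of the advisory or any vendor tooling; the HMAC-protected manifest, the key handling and the file name `line1.project` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Stream the file so large project archives are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def sign_manifest(entries, key):
    """Approver side: record name -> SHA-256 and MAC the canonical JSON."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def approved_for_import(path, manifest, key):
    """Return (ok, reason); fails closed on a bad MAC, unknown file or hash mismatch."""
    entries = manifest.get("entries", {})
    body = json.dumps(entries, sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(manifest.get("mac", ""))):
        return False, "manifest MAC invalid"
    want = entries.get(Path(path).name)
    if want is None:
        return False, "file not in approved manifest"
    if not hmac.compare_digest(want, sha256_file(path)):
        return False, "hash mismatch"
    return True, "ok"

def demo():
    """Constructed sample: an approved file, the same file altered, then a forged entry."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the HMI host
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "line1.project"  # hypothetical file name
        path.write_bytes(b"constructed project contents")
        manifest = sign_manifest({path.name: sha256_file(path)}, key)
        before = approved_for_import(path, manifest, key)
        path.write_bytes(path.read_bytes() + b"\nunreviewed change")
        after = approved_for_import(path, manifest, key)
        manifest["entries"][path.name] = sha256_file(path)  # edited without re-signing
        forged = approved_for_import(path, manifest, key)
    return before, after, forged

if __name__ == "__main__":
    print(demo())
```

Run the check on the engineering workstation before the file reaches the HMI, and treat any result other than `(True, "ok")` as a reason not to import.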
CVEs (2)