CVE-2014-0778 - Vulnerability Details - OpenCVE

TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While this is a minor vulnerability, it represents a method for further network reconnaissance.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Progea	Movicon

Configuration 1 [-]

cpe:2.3:a:progea:movicon:11.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01
http://www.progea.com/it-it/downloads/software.aspx
https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01

History

Wed, 24 Sep 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description	The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.	TCPUploader module listens on Port 10651/TCP for incoming connections. Exploitation of this vulnerability could allow a remote unauthenticated user access to release OS version information. While this is a minor vulnerability, it represents a method for further network reconnaissance.
Title		Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor
References		http://www.progea.com/it-it/downloads/software.aspx https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01
Metrics	cvssV2_0 `{'score': 5.0, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N'}`	cvssV2_0 `{'score': 4.3, 'vector': 'AV:N/AC:M/Au:N/C:P/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2014-04-19T19:00:00

Updated: 2025-09-24T21:24:10.830Z

Reserved: 2014-01-02T00:00:00

Link: CVE-2014-0778

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-04-19T19:55:07.200

Modified: 2025-09-24T22:15:34.967

Link: CVE-2014-0778

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Movicon", "vendor": "Progea", "versions": [{"lessThan": "Build 1150", "status": "affected", "version": "11.4", "versionType": "custom"}, {"status": "unaffected", "version": "11.4.1150"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Celil \u00dcn\u00fcver of SignalSEC Ltd."}], "datePublic": "2014-04-15T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "TCPUploader module listens on Port 10651/TCP for incoming connections. \nExploitation of this vulnerability could allow a remote unauthenticated \nuser access to release OS version information. While this is a minor \nvulnerability, it represents a method for further network \nreconnaissance."}], "value": "TCPUploader module listens on Port 10651/TCP for incoming connections. \nExploitation of this vulnerability could allow a remote unauthenticated \nuser access to release OS version information. While this is a minor \nvulnerability, it represents a method for further network \nreconnaissance."}], "metrics": [{"cvssV2_0": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-09-24T21:24:10.830Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01"}, {"url": "http://www.progea.com/it-it/downloads/software.aspx"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Progea has updated and fixed the vulnerability in Movicon Version \n11.4.1150. This is available as a download from the Progea Technical \nSupport site: <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.progea.com/it-it/downloads/software.aspx\">http://www.progea.com/it-it/downloads/software.aspx</a> .</p>\n<p>Users will be required to register on the Progea web site to download this new version.</p>\n\n<br>"}], "value": "Progea has updated and fixed the vulnerability in Movicon Version \n11.4.1150. This is available as a download from the Progea Technical \nSupport site:\u00a0 http://www.progea.com/it-it/downloads/software.aspx \u00a0.\n\n\nUsers will be required to register on the Progea web site to download this new version."}], "source": {"advisory": "ICSA-14-105-01", "discovery": "EXTERNAL"}, "title": "Progea Movicon SCADA Exposure of Sensitive Information to an Unauthorized Actor", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-0778", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.423Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-0778", "datePublished": "2014-04-19T19:00:00", "dateReserved": "2014-01-02T00:00:00", "dateUpdated": "2025-09-24T21:24:10.830Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:progea:movicon:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CF66CD14-C48F-4828-940E-81D067D9C11F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TCPUploader module listens on Port 10651/TCP for incoming connections. \nExploitation of this vulnerability could allow a remote unauthenticated \nuser access to release OS version information. While this is a minor \nvulnerability, it represents a method for further network \nreconnaissance."}, {"lang": "es", "value": "El m\u00f3dulo TCPUploader en Progea Movicon 11.4 anterior a 11.4.1150 permite a atacantes remotos obtener informaci\u00f3n de versi\u00f3n potencialmente sensible a trav\u00e9s de trafico de red hacia puerto TCP 10651."}], "id": "CVE-2014-0778", "lastModified": "2025-09-24T22:15:34.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": false}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-19T19:55:07.200", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "http://www.progea.com/it-it/downloads/software.aspx"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-105-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-105-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Secondary"}]}