What is CVE-2011-3322?

CVE-2011-3322 is a vulnerability in Scadatec Procyon_scada, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-09-15.

Is CVE-2011-3322 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Scadatec Procyon_scada

CVE-2011-3322

Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the T…

Vulnerability class: Buffer Overflow

EPSS: 0.716 (98.8th percentile) — read the EPSS interpretation.

Affected products

Scadatec Procyon_scada — versions 1.06, 1.13
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

rapid7/metasploit-framework

References

17827 (Exploit, exploit, x_refsource_EXPLOIT-DB)
procyon-telnet-bo(69632) (vdb-entry, x_refsource_XF)
cret@cert.org (x_refsource_MISC)
45866 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
cret@cert.org (US Government Resource, x_refsource_MISC)
8374 (x_refsource_SREASON, third-party-advisory)
75371 (x_refsource_OSVDB, vdb-entry)
49480 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2011-3322?: CVE-2011-3322 is a vulnerability in Scadatec Procyon_scada, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2011-09-15.
Is CVE-2011-3322 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.