Progea Movicon contains a vulnerability that could allow an unauthenticated, remote attacker to gain unauthorized access to the system and, with that access, view sensitive information, modify files, or cause a denial of service (DoS) condition.
The vulnerability exists because the server component of the affected software fails to properly restrict access to exposed interfaces. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious requests to the affected server. If successful, the attacker could bypass security restrictions and gain unauthorized access to the affected system.
Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.
Progea has confirmed this vulnerability and released updated software.