OTPulse

Scadatec Limited Procyon Telnet Buffer Overflow

Act Now · ICS-CERT ICSA-11-216-01 · May 7, 2011
Summary

Stack-based buffer overflow vulnerability in the Telnet service of Scadatec Limited Procyon HMI versions earlier than 1.14. The vulnerability allows remote unauthenticated attackers to send a specially crafted Telnet command that overflows a buffer, potentially causing denial of service or arbitrary code execution on the HMI system.

What this means
What could happen
An attacker with network access to the Procyon HMI could overflow a buffer in the Telnet service to crash the application or execute arbitrary commands on the system. This could disrupt HMI operations and potentially compromise control of monitored industrial processes.
Who's at risk
Energy and manufacturing operators who use Scadatec Procyon HMI systems for monitoring and control of industrial processes. This includes power plants, substations, water treatment facilities, and manufacturing plants that rely on the HMI for operator interface and process visibility.
How it could be exploited
An attacker sends a specially crafted Telnet command to the Procyon HMI that exceeds the expected buffer size, overflowing memory and potentially allowing code execution. The attacker needs only network access to the Telnet port (typically 23) and no authentication credentials.
Prerequisites
  • Network access to Procyon HMI Telnet service (port 23)
  • No authentication required
  • Procyon HMI version earlier than 1.14
remotely exploitable · no authentication required · low complexity · high EPSS score (74.5%) · no patch available · buffer overflow vulnerability
Exploitability
High exploit probability (EPSS 74.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Scadatec Limited Procyon HMI: <1.14 | <1.14 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the Procyon HMI Telnet service using firewall rules; disable Telnet if not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Scadatec Procyon HMI to version 1.14 or later if available from vendor
Mitigations - no patch available
Scadatec Limited Procyon HMI: <1.14 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate the HMI from untrusted networks and limit access to authorized engineering workstations only
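
One way to verify the workaround and the segmentation control after they are applied is the check below. It is an added example, not part of the advisory or any vendor tooling. It is meant to be run from a network segment that should not reach the HMI, and it reports any HMI whose Telnet port still completes a TCP handshake. The function names and the inventory addresses are assumptions made for illustration.

```python
import socket

TELNET_PORT = 23  # port named in the advisory


def telnet_exposure(host, port=TELNET_PORT, timeout=2.0):
    """Classify the Telnet port as seen from the machine running this check.

    At most a TCP handshake is completed and then closed; no Telnet data is sent.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "exposed"      # handshake completed: filtering is not in effect
    except ConnectionRefusedError:
        return "closed"           # host answered, nothing listening (Telnet disabled)
    except socket.timeout:
        return "filtered"         # packets silently dropped, as a firewall DROP does
    except OSError:
        return "unreachable"      # no route, ICMP reject, or name lookup failure


def audit(inventory, port=TELNET_PORT, timeout=2.0):
    """Return (name, host, state) for every HMI whose Telnet port is reachable."""
    findings = []
    for name, host in inventory:
        state = telnet_exposure(host, port=port, timeout=timeout)
        if state == "exposed":
            findings.append((name, host, state))
    return findings


if __name__ == "__main__":
    # Constructed inventory using RFC 5737 documentation addresses;
    # replace with the real HMI addresses from the asset register.
    hmis = [("hmi-line-1", "192.0.2.10"), ("hmi-substation", "192.0.2.11")]
    for name, host, state in audit(hmis):
        print(f"{name} ({host}): Telnet port {TELNET_PORT} is {state} from this segment")
```

An empty result from an untrusted segment, combined with "exposed" only from the authorized engineering workstations, is the outcome the compensating controls aim for.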