OTPulse

MICROSYS PROMOTIC Vulnerabilities

Low Risk · ICS-CERT ICSA-12-024-02 · Oct 27, 2012
Summary

MICROSYS PROMOTIC versions prior to 8.1.5 contain two vulnerabilities: CWE-22 (path traversal) and CWE-119 (buffer overflow). An attacker with network access can exploit these weaknesses to read files, modify system behavior, or execute arbitrary code on the host running PROMOTIC. No patch is currently available from the vendor.

What this means
What could happen
An attacker with network access to PROMOTIC could exploit path traversal or buffer overflow vulnerabilities to read, write, or execute code on systems running the application, potentially disrupting monitoring and control of industrial processes.
Who's at risk
This affects operators running PROMOTIC as a supervisory control and data acquisition (SCADA) or human-machine interface (HMI) platform for industrial monitoring. Water utilities, power facilities, and manufacturing plants using PROMOTIC for process visualization and control should assess their exposure. The vulnerabilities are particularly concerning if PROMOTIC instances are accessible from networked engineering workstations or remote access points.
How it could be exploited
An attacker on the same network as a PROMOTIC installation could send a crafted request exploiting path traversal (CWE-22) to access files outside the intended directory, or trigger a buffer overflow (CWE-119) by sending oversized input to a vulnerable code path. This could allow reading sensitive files, modifying configuration, or achieving code execution on the machine running PROMOTIC.
Prerequisites
  • Network access to PROMOTIC application port
  • PROMOTIC version prior to 8.1.5 deployed
Tags: remotely exploitable · no patch available · path traversal capability · buffer overflow potential · low complexity attack
Exploitability
Moderate exploit probability (EPSS 8.5%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| PROMOTIC: <8.1.5 | <8.1.5 | No fix (EOL) |
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation and firewall rules to restrict access to PROMOTIC to only trusted engineering and operations networks
  • WORKAROUND: Disable PROMOTIC remote access features if not required for operations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to and from PROMOTIC systems for suspicious connection attempts or oversized requests
  • HOTFIX: Upgrade PROMOTIC to version 8.1.5 or later when a patch becomes available