MICROSYS PROMOTIC Stack Buffer Overflow
Low Risk | ICS-CERT ICSA-15-062-01 | Dec 4, 2015
Summary
MICROSYS PROMOTIC contains a stack buffer overflow vulnerability (CWE-121) that could allow an attacker to execute arbitrary code or crash the application. Affected versions are stable branch 8.2.19 and earlier, and development branch 8.3.2 and earlier. No patch is currently available from the vendor.
What this means
What could happen
A stack buffer overflow in PROMOTIC could allow an attacker to execute arbitrary code on the affected device or cause it to crash, potentially disrupting monitoring and control of industrial processes.
Who's at risk
Organizations using PROMOTIC for industrial automation, process monitoring, and SCADA-like functions should evaluate this risk. This includes water treatment facilities, power distribution operators, and manufacturing plants that rely on PROMOTIC for real-time control and alarming.
How it could be exploited
An attacker must send specially crafted input to the PROMOTIC application that overwrites the stack buffer. This could occur through network communication, file processing, or local interaction depending on how PROMOTIC is deployed and what input vectors it accepts.
Prerequisites
- Access to an input vector accepted by PROMOTIC (network port, file upload, or local interface)
- Knowledge of the application's memory layout or the ability to craft an overflow payload
Key factors
- No patch available
- Stack buffer overflow can lead to code execution
- Affects control system software
Exploitability
Moderate exploit probability (EPSS 4.6%)
Affected products (2)
2 pending
Product | Affected Versions | Fix Status
PROMOTIC: <stable_8.2.19 | <stable 8.2.19 | No fix yet
PROMOTIC: <development_8.3.2 | <development 8.3.2 | No fix yet
Remediation & Mitigation
Do now
HARDENING: Isolate PROMOTIC systems on a dedicated network segment with strict ingress/egress controls to limit exposure to untrusted input sources
WORKAROUND: Contact MICROSYS to inquire about security patch availability or end-of-life status for your PROMOTIC version
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor PROMOTIC process for crashes or unexpected terminations that may indicate exploitation attempts
CVEs (1)