PACTware Exceptional Conditions Vulnerability
Low Risk | ICS-CERT ICSA-15-176-02 | Mar 28, 2015
Summary
PACTware 4.1_Service_Pack_3 contains an exceptional condition vulnerability (CWE-703) that may cause the application to enter an unexpected state or crash when processing certain inputs or conditions. The vulnerability affects device configuration and engineering workflows managed through PACTware.
What this means
What could happen
PACTware may enter an unexpected state or crash when processing exceptional conditions, potentially disrupting engineering workflows or causing loss of unsaved configuration data on devices managed through the application.
Who's at risk
Engineering teams and OT operators who use PACTware for device configuration and management in industrial automation environments, including users managing field devices via PACTware on engineering workstations.
How it could be exploited
An attacker with network access to PACTware could send specially crafted inputs or trigger exceptional conditions that cause the application to fail or behave unexpectedly. This could be done locally on an engineering workstation or remotely if PACTware is exposed to the network.
Prerequisites
- Access to a system running PACTware 4.1_Service_Pack_3
- Ability to send network traffic to PACTware or interact with the application interface
no patch available | impacts engineering tools
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
PACTware: 4.1_Service_Pack_3. | 4.1 Service Pack 3. | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Monitor PACTware for unexpected crashes or behavior changes and maintain current backups of device configurations
Mitigations - no patch available
PACTware 4.1_Service_Pack_3 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to restrict access to engineering workstations running PACTware to authorized personnel only
- HARDENING: Restrict local and remote access to PACTware applications to trusted engineering networks and users
CVEs (1)