MICROSYS PROMOTIC Memory Corruption Vulnerability
Monitor · 5 · ICS-CERT ICSA-16-026-01 · Oct 29, 2016
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary
PROMOTIC versions prior to 8.3.11 contain a memory corruption vulnerability (CWE-122) that can be triggered through local user interaction with the application interface. Exploitation requires local access and valid user credentials. The vulnerability can cause the application to crash or hang, disrupting process monitoring and control activities. No vendor patch is available.
What this means
What could happen
A local user on a PROMOTIC engineering workstation could cause the application to crash or become unresponsive by triggering a memory corruption condition. This could disrupt process monitoring and control activities.
Who's at risk
This affects organizations using PROMOTIC software on engineering workstations for process monitoring and control. IT and control system operators should be aware that local users with access to these workstations could disrupt the application's availability. Industrial automation facilities, water utilities, and manufacturing plants using PROMOTIC for SCADA or supervisory control are the primary concern.
How it could be exploited
An attacker with local access to a PROMOTIC workstation could interact with the application interface in a specific way that triggers improper memory handling, causing the application to crash or hang. The attacker would need to be logged in with user credentials and interact with the UI.
Prerequisites
- Local access to PROMOTIC engineering workstation
- Valid user account credentials on the workstation
- User interaction with the affected application feature
local access required · user interaction required · no patch available · application availability impact
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
PROMOTIC: <8.3.11 | <8.3.11 | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Implement workstation-level access controls and disable unnecessary local user accounts
Mitigations - no patch available
PROMOTIC: <8.3.11 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Limit physical and logical access to PROMOTIC engineering workstations to authorized personnel only
HARDENING: Monitor PROMOTIC process logs for unexpected crashes or hangs
HARDENING: Keep engineering workstations on isolated network segments separate from production systems
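One way to act on the crash and hang monitoring control above, as an added example that is not part of the original advisory or any vendor tooling: it filters a constructed export of Windows Application log events for Application Error (ID 1000) and Application Hang (ID 1002) records of the PROMOTIC executable and flags repeated faults inside a short window. The executable name `promotic.exe`, the CSV column layout, and the 10-minute, 3-event threshold are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Windows Application log: 1000 = Application Error (crash), 1002 = Application Hang.
FAULT_IDS = {1000: "crash", 1002: "hang"}
TARGET_EXE = "promotic.exe"  # assumed executable name; set to the installed binary

# Constructed sample export; the column layout is an assumption for this example.
SAMPLE_CSV = """TimeCreated,Id,ProviderName,Application
2016-10-29T08:01:12,1000,Application Error,Promotic.exe
2016-10-29T08:03:40,1002,Application Hang,Promotic.exe
2016-10-29T08:04:05,1000,Application Error,notepad.exe
2016-10-29T08:09:55,1000,Application Error,Promotic.exe
2016-10-29T14:30:00,1001,Windows Error Reporting,Promotic.exe
2016-10-29T19:45:10,1000,Application Error,PROMOTIC.EXE
"""


def target_faults(csv_text, exe=TARGET_EXE):
    """Return sorted (timestamp, kind) pairs for crash/hang events of the target executable."""
    faults = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind = FAULT_IDS.get(int(row["Id"]))
        if kind and row["Application"].strip().lower() == exe.lower():
            faults.append((datetime.fromisoformat(row["TimeCreated"]), kind))
    return sorted(faults)


def fault_bursts(faults, window=timedelta(minutes=10), threshold=3):
    """Return runs of at least `threshold` faults that fit inside one sliding window."""
    bursts, start = [], 0  # bursts holds [first_index, last_index] pairs
    for end in range(len(faults)):
        while faults[end][0] - faults[start][0] > window:
            start += 1
        if end - start + 1 >= threshold:
            if bursts and start <= bursts[-1][1]:
                bursts[-1][1] = end  # overlaps the previous burst: extend it
            else:
                bursts.append([start, end])
    return [faults[a:b + 1] for a, b in bursts]


if __name__ == "__main__":
    for burst in fault_bursts(target_faults(SAMPLE_CSV)):
        print(f"ALERT: {len(burst)} faults between {burst[0][0]} and {burst[-1][0]}")
```

A single crash is recorded but not alerted on; the burst rule is what separates an isolated fault from repeated triggering that keeps the HMI unavailable.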
CVEs (1)