Microsys PROMOTIC Project File Handling Use-after-free Remote Code Execution

high Nessus Plugin ID 58797

Synopsis

The remote host has a SCADA application that is affected by a remote code execution vulnerability.

Description

The installed version of Microsys PROMOTIC on the remote host is earlier than 8.1.7. As such, it has a use-after-free vulnerability that can be triggered by a specially crafted .pra project file.

By tricking a victim into opening a specially crafted .pra file, a remote attacker can execute arbitrary code subject to the user's privileges.

Solution

Upgrade to Microsys PROMOTIC 8.1.7 or later.

See Also

http://aluigi.altervista.org/adv/promotic_3-adv.txt

https://www.promotic.eu/en/pmdoc/News.htm#ver801057

Plugin Details

Severity: High

ID: 58797

File Name: scada_promotic_use_after_free.nbin

Version: 1.69

Type: local

Family: SCADA

Published: 4/19/2012

Updated: 5/20/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:microsys:promotic

Required KB Items: SCADA/Apps/Microsys/Promotic/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/2/2012

Vulnerability Publication Date: 11/28/2011

Reference Information

CVE: CVE-2011-4874

BID: 52988

ICSA: 12-102-03