MICROSYS Fixes Memory Corruption Hole

Tuesday, January 26, 2016 @ 05:01 PM gHale

MICROSYS created a new version to mitigate the memory corruption vulnerability in its PROMOTIC application, according to a report on ICS-CERT.

Researcher Praveen Darshanam of Versa Networks, who discovered the issue, tested the new version to validate it resolves the vulnerability.

PROMOTIC versions prior to version 8.3.11 suffer from the issue.

Exploitation of this vulnerability requires user interaction. An attacker who successfully exploits this vulnerability may be able to crash the browser and possibly execute arbitrary code.

MICROSYS is a Czech-based company with headquarters in Ostrava.

The affected product, PROMOTIC, is a Microsoft Windows-based supervisory control and data acquisition (SCADA) human-machine interface (HMI) software programming suite for creating applications that monitor, control, and display technological processes. This suite also includes support for a web interface.

PROMOTIC sees action across several sectors including critical manufacturing, energy, and water and wastewater systems. The PROMOTIC system primarily sees use in the Czech and Slovak Republics along with Poland, Hungary, Slovenia, Serbia, Bulgaria, and Romania.

This vulnerability can be exploited when a valid user runs malicious HTML code. This may happen if the attacker tricks the user, via a phishing attack or another social engineering method, into visiting a malicious web site hosting this code.

CVE-2016-0869 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.0.

This vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malformed HTML file.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would be simple. Social engineering would be mandatory to convince the user to accept the malformed HTML file. This decreases the likelihood of a successful exploit.

MICROSYS recommends users with affected versions of PROMOTIC update their installations by downloading the latest version and installation instructions.

MICROSYS’ news release contains additional information about new features and bug fixes for available stable and developmental PROMOTIC software versions.