ICS-CERT: MICROSYS PROMOTIC Vulnerability POC

Friday, April 13, 2012

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

Independent researcher Luigi Auriemma has identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application without coordination with ICS-CERT, the vendor, or any other known coordinating entity.

ICS-CERT has coordinated this vulnerability with MICROSYS, which has produced an update that Mr. Auriemma confirms resolves this vulnerability.

AFFECTED PRODUCTS

The following products are affected:

• PROMOTIC versions prior to Version 8.1.7

IMPACT

Successful exploitation of this vulnerability may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.

BACKGROUND

PROMOTIC is a Microsoft Windows based supervisory control and data acquisition human-machine interface (SCADA HMI) software programming suite for creating applications that monitor, control, and display technological processes.

MICROSYS, spol. s r.o. is a Czech company with headquarters in Ostrava. The PROMOTIC system is primarily used in Czech and Slovak Republics. It is also used in Poland, Hungary, Slovenia, Serbia, Bulgaria, and Romania.

USE AFTER FREE: A use after free condition can occur when opening a specially crafted project file. Exploitation of this vulnerability may allow data corruption or arbitrary code execution. CVE-2011-4874 has been assigned to this vulnerability.

EXPLOITABILITY: This vulnerability is not remotely exploitable and cannot be exploited without user interaction. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed project file.

EXISTENCE OF EXPLOIT: Public exploits are known to target this vulnerability.

DIFFICULTY: Crafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malformed project file. Additional user interaction is needed to load the malformed file. This decreases the likelihood of a successful exploit.

MITIGATION

MICROSYS spol. s r.o. recommends that customers with affected versions of PROMOTIC update their installations by downloading the latest version from MICROSYS’ website http://www.promotic.eu/en/firm/microsys.htm.

MICROSYS has produced a news release that contains additional information about these vulnerabilities: http://www.promotic.eu/en/pmdoc/News.htm#ver801057.

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-03.pdf

Possibly Related Articles:
4292
SCADA
Industrial Control Systems
SCADA Vulnerabilities Exploits Infrastructure Proof of Concept Advisory Industrial Control Systems Luigi Auriemma MICROSYS PROMOTIC
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.