56 matches found
CVE-2016-0869
The CVE-2016-0869 vulnerability affects MICROSYS PROMOTIC prior to version 8.3.11. It is a heap-based buffer overflow in the HTML handling that can be triggered by a user loading a malformed HTML document, leading to a denial of service. Connected advisories (ICS-CERT ICSA-16-026-01) confirm memo...
MICROSYS PROMOTIC Stack Buffer Overflow
OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application. MICROSYS, spol. s r.o. has produced a new version that mitigates this vulnerability. This vulnerability could be...
Microsys Promotic PmBase64Decode Buffer Overflow (CVE-2014-9205)
A stack-based buffer overflow vulnerability exists in Microsys's Promotic. The vulnerability is due to an insufficient boundary check on user-supplied data in the PmBase64Decode function. A remote, unauthenticated attacker can exploit this vulnerability by supplying a maliciously crafted base64...
Stack overflow
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data...
CVE-2014-9205
CVE-2014-9205 affects MICROSYS PROMOTIC: stack-based buffer overflow in the PmBase64Decode function in a demonstration application. Vulnerable in PROMOTIC stable prior to 8.2.19 and development prior to 8.3.2. Attackers can remotely execute arbitrary code by sending large data; ZDI assigns CVSSv2...
CVE-2014-9205
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data...
MICROSYS PROMOTIC Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MICROSYS PROMOTIC. Authentication is not required to exploit this vulnerability. The program blindly copies attacker-supplied data into a fixed-sized buffer without validating the length of this da...
MICROSYS PROMOTIC Buffer Overflow Vulnerability
MICROSYS PROMOTIC is a SCADA software. MICROSYS PROMOTIC suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code or launch a denial-of-service attack within the context of the application because the program fails to properly bounds check...
Network Time Protocol Vulnerabilities (Supplement Update A)
OVERVIEW --------- Begin Update A Part 1 of 2 -------- This advisory supplement is to accompany the NCCIC/ICS-CERT advisory titled ICSA-14-353-01C Network Time Protocol Vulnerabilities that was published February 5, 2015, on the ICS‑CERT web site. --------- End Update A Part 1 of 2 ----------...
Microsys CyberPatrol 4.0 4.003/4.0 4.005 Insecure Registration Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1977/info CyberPatrol is popular web access restriction software by Microsys. A vulnerability exists in the way CyberPatrol submits registration information from its client software to Microsys' backend...
Microsys PROMOTIC 8.1.4 ActiveX GetPromoticSite Unitialized Pointer
No description provided by source. Luigi Auriemma Application: Microsys PROMOTIC http://www.promotic.eu/en/promotic/scada-pm.htm Versions: 8.1.4 Platforms: Windows Bug: ActiveX GetPromoticSite unitialized pointer Exploitation: remote Date: 30 Oct 2011 Author: Luigi Auriemma e-mail:...
Microsys Promotic < 8.1.5 Multiple Vulnerabilities - Active Check
Microsys Promotic is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-4519
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...
CVE-2011-4520
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...
Heap overflow
Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...
Stack overflow
Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...
Directory traversal
Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-4518
CVE-2011-4518 is a directory traversal vulnerability in the PROMOTIC web server’s PmWebDir object, affecting MICROSYS PROMOTIC before 8.1.5. Remote attackers could read arbitrary files via unspecified vectors. Multiple sources (Red Hat, NVD/NVD-linked references, ICS-CERT) corroborate the vulnera...
CVE-2011-4520
PROMOTIC ActiveX heap overflow (CVE-2011-4520) affects MICROSYS PROMOTIC
CVE-2011-4519
CVE-2011-4519 affects MICROSYS PROMOTIC before 8.1.5, where an ActiveX component contains a stack overflow vulnerability. A crafted HTML page can remotely trigger a denial of service on affected clients. Public analysis across multiple feeds confirms the ActiveX stack overflow, with remediation g...