ID

VAR-190001-0833


TITLE

PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-4612 // BID: 50430

DESCRIPTION

PROMOTIC is a SCADA software package. The PmTable.ocx ActiveX control (19BA6EE6-4BB4-11D1-8085-0020AFC8C4AF) incorrectly handles the GetPromoticSite method, and a remote attacker can exploit the resulting uninitialized pointer condition to execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions. PROMOTIC 8.1.4 is vulnerable; other versions may also be affected.

Trust: 0.99

sources: CNVD: CNVD-2011-4612 // BID: 50430 // IVD: 95563236-1f81-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 95563236-1f81-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4612

AFFECTED PRODUCTS

vendor: promotic, model: promotic, scope: eq, version: 8.1.4

Trust: 0.9

vendor: promotic, model: -, scope: eq, version: *

Trust: 0.2

vendor: promotic, model: -, scope: eq, version: 8.1.4

Trust: 0.2

sources: IVD: 95563236-1f81-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4612 // BID: 50430

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: 95563236-1f81-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 95563236-1f81-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 95563236-1f81-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-718

TYPE

Unknown

Trust: 0.3

sources: BID: 50430

EXTERNAL IDS

db: BID, id: 50430

Trust: 1.5

db: CNVD, id: CNVD-2011-4612

Trust: 0.8

db: CNNVD, id: CNNVD-201110-718

Trust: 0.6

db: IVD, id: 95563236-1F81-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 95563236-1f81-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-4612 // BID: 50430 // CNNVD: CNNVD-201110-718

REFERENCES

url: http://aluigi.altervista.org/adv/promotic_2-adv.txt

Trust: 0.9

url: http://www.securityfocus.com/bid/50430

Trust: 0.6

url: http://www.promotic.eu/en/promotic/scada-pm.htm

Trust: 0.3

sources: CNVD: CNVD-2011-4612 // BID: 50430 // CNNVD: CNNVD-201110-718

CREDITS

Luigi Auriemma

Trust: 0.9

sources: BID: 50430 // CNNVD: CNNVD-201110-718

SOURCES

db: IVD, id: 95563236-1f81-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-4612
db: BID, id: 50430
db: CNNVD, id: CNNVD-201110-718

LAST UPDATE DATE

2022-05-17T01:55:33.339000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-4612, date: 2011-11-01T00:00:00
db: BID, id: 50430, date: 2011-10-31T00:00:00
db: CNNVD, id: CNNVD-201110-718, date: 2011-11-02T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 95563236-1f81-11e6-abef-000c29c66e3d, date: 2011-11-01T00:00:00
db: CNVD, id: CNVD-2011-4612, date: 2011-11-01T00:00:00
db: BID, id: 50430, date: 2011-10-31T00:00:00
db: CNNVD, id: CNNVD-201110-718, date: 1900-01-01T00:00:00