MICROSYS has an update that fixes a use-after-free vulnerability in its PROMOTIC line, according to a report with ICS-CERT.
Independent researcher Luigi Auriemma released the proof-of-concept code without coordination with ICS-CERT or the vendor.
PROMOTIC versions prior to Version 8.1.7 are affected. Successful exploitation of this vulnerability may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code.
PROMOTIC is a Microsoft Windows-based supervisory control and data acquisition/human-machine interface (SCADA/HMI) software programming suite for creating applications that monitor, control, and display technological processes.
MICROSYS is a Czech company with headquarters in Ostrava. The PROMOTIC system primarily sees use in the Czech and Slovak Republics, but also in Poland, Hungary, Slovenia, Serbia, Bulgaria, and Romania.
A use-after-free condition can occur when opening a specially crafted project file. Exploitation of this vulnerability may allow data corruption or arbitrary code execution. CVE-2011-4874 is the number assigned to this vulnerability.
This vulnerability is not remotely exploitable and cannot be exploited without user interaction. The exploit only triggers when a local user runs the vulnerable application and loads the malformed project file.
There are public exploits targeting this vulnerability.
MICROSYS recommends that users with affected versions of PROMOTIC update their installations by downloading the latest version from MICROSYS.