The PACTware Consortium created a new service pack that mitigates the exceptional conditions vulnerability in its PACTware application, according to a report on ICS-CERT.

Ivan Sanchez from Nullcode Team, who discovered the vulnerability, tested the new version to validate it resolves the vulnerability. PACTware Version 4.1, Service Pack 3 suffers from the issue.

Wind River Patches TCP Predictability Hole
Wonderware Patches Vulnerability
GarrettCom Plugs Magnum Holes
Hospira Plum A+, Symbiq Vulnerabilities

Successful exploitation of this vulnerability could crash the application.

Germany-based PACTware Consortium is a union of international companies that develop a common software for operating field instruments.

Schneider Bold

The affected product, PACTware, is a fieldbus-independent software for operating field instruments. According to PACTware Consortium, PACTware sees action across most sectors around the world.

Uploading a specially crafted file could result in an internal error the applications does not handle correctly, which may cause a crash.

CVE-2015-0989 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 1.2.

This vulnerability is not exploitable remotely and cannot end up exploited without user interaction. No known public exploits specifically target this vulnerability.

Crafting a working exploit for this vulnerability would be difficult. Social engineering is mandatory to convince the user to accept the malformed file. Additional user interaction would end up needed to load the malformed file. This decreases the likelihood of a successful exploit.

PACTware Consortium has released a new service pack of the PACTware application that resolves the vulnerability. PACTware Consortium recommends upgrading to PACTware Version 4.1, Service Pack 4.

Contact PACTware Consortium for Service Pack 4.

Click here for PACTware Consortium’s main download page.

Pin It on Pinterest

Share This