November 29, 2011

Security research Luigi Auriemma has publically disclosed a use-after-free vulnerability in the MICROSYS PROMOTIC SCADA application.

The vulnerability is exploitable when the program loads a specially crafted project file, and could allow arbitrary execute of code.

At this time, limited information is available regarding this vulnerability. 

ICS-ALERT-11-333-01

PROMOTIC Product Info (English)
PROMOTIC Trial Software Download

Luigi Auriemma PoC

Not available at this time.

Disclosure (Luigi Auriemma)
Open-Source Vulnerability Database #77385
Secunia Vulnerability Report and Statistics on PROMOTIC 8.x

Hike in Public Release of SCADA Holes (ISSSource)