ID

VAR-201503-0332


CVE

CVE-2014-9205


TITLE

MICROSYS PROMOTIC Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01544

DESCRIPTION

Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. Authentication is not required to exploit this vulnerability. The program blindly copies attacker-supplied data into a fixed-size buffer without validating the length of this data, resulting in a stack buffer overflow. The specific flaw exists within the PmBase64Decode function, which ignores the passed-in length of the destination buffer. An attacker can exploit this condition to achieve code execution under the context of the process. MICROSYS PROMOTIC is a SCADA software. Failed exploit attempts will result in a denial-of-service condition.

Trust: 3.24

sources: NVD: CVE-2014-9205 // JVNDB: JVNDB-2014-007997 // ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // BID: 72874 // IVD: 9a45265c-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01544

AFFECTED PRODUCTS

vendor: microsys | model: promotic | scope: lte | version: 8.2.18

Trust: 1.0

vendor: microsys | model: promotic | scope: lte | version: 8.3.1

Trust: 1.0

vendor: microsys | model: promotic | scope: lt | version: 8.2.19 (stable)

Trust: 0.8

vendor: microsys | model: promotic | scope: lt | version: 8.3.2 (development)

Trust: 0.8

vendor: microsys | model: promotic | scope: - | version: -

Trust: 0.7

vendor: microsys | model: spol. s r.o. promotic | scope: - | version: -

Trust: 0.6

vendor: microsys | model: promotic | scope: eq | version: 8.2.18

Trust: 0.6

vendor: microsys | model: promotic | scope: eq | version: 8.3.1

Trust: 0.6

vendor: promotic | model: - | scope: eq | version: *

Trust: 0.4

vendor: microsys | model: promotic | scope: eq | version: 0

Trust: 0.3

vendor: microsys | model: promotic | scope: ne | version: 8.3.2

Trust: 0.3

vendor: microsys | model: promotic | scope: ne | version: 8.2.19

Trust: 0.3

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // BID: 72874 // JVNDB: JVNDB-2014-007997 // CNNVD: CNNVD-201503-211 // NVD: CVE-2014-9205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9205
value: HIGH

Trust: 1.0

NVD: CVE-2014-9205
value: HIGH

Trust: 0.8

ZDI: CVE-2014-9205
value: HIGH

Trust: 0.7

CNVD: CNVD-2015-01544
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201503-211
value: HIGH

Trust: 0.6

IVD: 9a45265c-2351-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2014-9205
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.5

CNVD: CNVD-2015-01544
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9a45265c-2351-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // JVNDB: JVNDB-2014-007997 // CNNVD: CNNVD-201503-211 // NVD: CVE-2014-9205

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2014-007997 // NVD: CVE-2014-9205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-211

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201503-211

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007997

PATCH

title: PROMOTIC 8 system news | url: http://www.promotic.eu/en/pmdoc/News.htm

Trust: 0.8

title: MICROSYS has issued an update to correct this vulnerability. | url: https://ics-cert.us-cert.gov/advisories/ICSA-15-062-01

Trust: 0.7

title: Patch for MICROSYS PROMOTIC Buffer Overflow Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/56082

Trust: 0.6

sources: ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // JVNDB: JVNDB-2014-007997

EXTERNAL IDS

db: NVD | id: CVE-2014-9205

Trust: 4.2

db: ZDI | id: ZDI-15-091

Trust: 3.1

db: ICS CERT | id: ICSA-15-062-01

Trust: 2.7

db: BID | id: 72874

Trust: 1.5

db: CNVD | id: CNVD-2015-01544

Trust: 0.8

db: CNNVD | id: CNNVD-201503-211

Trust: 0.8

db: JVNDB | id: JVNDB-2014-007997

Trust: 0.8

db: ZDI_CAN | id: ZDI-CAN-2543

Trust: 0.7

db: IVD | id: 9A45265C-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9a45265c-2351-11e6-abef-000c29c66e3d // ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // BID: 72874 // JVNDB: JVNDB-2014-007997 // CNNVD: CNNVD-201503-211 // NVD: CVE-2014-9205

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-062-01

Trust: 3.4

url:http://www.zerodayinitiative.com/advisories/zdi-15-091/

Trust: 2.4

url:http://www.promotic.eu/en/pmdoc/news.htm

Trust: 1.6

url:http://www.securityfocus.com/bid/72874

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9205

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9205

Trust: 0.8

url:http://www.promotic.eu/en/index.htm

Trust: 0.3

sources: ZDI: ZDI-15-091 // CNVD: CNVD-2015-01544 // BID: 72874 // JVNDB: JVNDB-2014-007997 // CNNVD: CNNVD-201503-211 // NVD: CVE-2014-9205

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-15-091

SOURCES

db: IVD | id: 9a45265c-2351-11e6-abef-000c29c66e3d
db: ZDI | id: ZDI-15-091
db: CNVD | id: CNVD-2015-01544
db: BID | id: 72874
db: JVNDB | id: JVNDB-2014-007997
db: CNNVD | id: CNNVD-201503-211
db: NVD | id: CVE-2014-9205

LAST UPDATE DATE

2025-04-13T23:22:29.226000+00:00


SOURCES UPDATE DATE

db: ZDI | id: ZDI-15-091 | date: 2015-03-12T00:00:00
db: CNVD | id: CNVD-2015-01544 | date: 2015-03-11T00:00:00
db: BID | id: 72874 | date: 2015-03-03T00:00:00
db: JVNDB | id: JVNDB-2014-007997 | date: 2015-03-31T00:00:00
db: CNNVD | id: CNNVD-201503-211 | date: 2015-03-30T00:00:00
db: NVD | id: CVE-2014-9205 | date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD | id: 9a45265c-2351-11e6-abef-000c29c66e3d | date: 2015-03-11T00:00:00
db: ZDI | id: ZDI-15-091 | date: 2015-03-12T00:00:00
db: CNVD | id: CNVD-2015-01544 | date: 2015-03-11T00:00:00
db: BID | id: 72874 | date: 2015-03-03T00:00:00
db: JVNDB | id: JVNDB-2014-007997 | date: 2015-03-31T00:00:00
db: CNNVD | id: CNNVD-201503-211 | date: 2015-03-10T00:00:00
db: NVD | id: CVE-2014-9205 | date: 2015-03-29T10:59:02.727