Microsys Promotic Multiple Vulnerabilities (Windows) Network Vulnerability

Summary

This host is installed with Microsys Promotic and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows attackers to cause stack or heap based buffer overflow or disclose sensitive information or execute arbitrary code within the context of the affected application. Impact Level: System/Application

Solution

Upgrade to Promotic version 8.1.5 or later, For updates refer to http://www.promotic.eu/en/index.htm

Insight

Multiple flaws due to, - Error in PmWebDir object in the web server. - Error in 'vCfg' and 'sID' parameters in 'SaveCfg()'and 'AddTrend()' methods within the PmTrendViewer ActiveX control.

Affected

Promotic versions prior to 8.1.5 on Windows

References

http://aluigi.altervista.org/adv/promotic_1-adv.txt
http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02
http://osvdb.org/76395
http://osvdb.org/76396
http://osvdb.org/76397
http://secunia.com/advisories/46430
http://www.promotic.eu/en/pmdoc/News.htm#ver80105

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4518, CVE-2011-4519, CVE-2011-4520
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
Apache mod_include priviledge escalation
JBoss Enterprise Application Platform Multiple Vulnerabilities
BadBlue invalid null byte vulnerability

Take action and discover your vulnerabilities