CVE-2020-37143
Unknown Unknown - Not Provided
Denial of Service in ProficySCADA iOS via Password Field Overflow

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37143
EUVD
EUVD-2020-31037
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gefanuc proficyscada 5.0.25920
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the ProficySCADA for iOS application. Specifically, an attacker or tester can input 257 bytes of repeated characters into the password field during login to see if the application crashes.'}, {'type': 'paragraph', 'content': "A practical detection method involves using a script to generate a buffer of 257 repeated characters (such as 'A'), copying this buffer to the clipboard, and then pasting it into the password field of the app. If the app crashes or fails to authenticate, the vulnerability is present."}, {'type': 'paragraph', 'content': 'For example, a Python script can be used to generate the payload:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*257)"'}, {'type': 'paragraph', 'content': 'Then copy the output to the clipboard and paste it into the password field of ProficySCADA on an iOS device during login.'}] [2]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the ProficySCADA iOS application to trusted users only, as the attack requires local user interaction.

Additionally, avoid pasting or entering unusually long passwords (such as 257 repeated characters) into the password field to prevent triggering the denial of service.

Monitoring and controlling physical or remote access to devices running the vulnerable version of ProficySCADA can reduce the risk of exploitation.

Finally, check for updates or patches from the vendor and apply them once available to fix the vulnerability.

Compliance Impact

I don't know

Executive Summary

CVE-2020-37143 is a denial of service vulnerability in ProficySCADA for iOS version 5.0.25920 and earlier. It occurs because the application does not properly limit or throttle the input length in the password field.

An attacker can exploit this by entering 257 bytes of repeated characters into the password field, which causes the application to crash and prevents successful authentication.

Impact Analysis

This vulnerability can impact users by causing the ProficySCADA application to crash when a specially crafted password input is entered.

As a result, legitimate users may be unable to authenticate and use the application, leading to a denial of service condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart