CVE-2020-37143
Denial of Service in ProficySCADA iOS via Password Field Overflow
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gefanuc | proficyscada | 5.0.25920 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2020-37143 is a denial of service vulnerability in ProficySCADA for iOS version 5.0.25920 and earlier. It occurs because the application does not properly limit or throttle the input length in the password field.
An attacker can exploit this by entering 257 bytes of repeated characters into the password field, which causes the application to crash and prevents successful authentication.
How can this vulnerability impact me? :
This vulnerability can impact users by causing the ProficySCADA application to crash when a specially crafted password input is entered.
As a result, legitimate users may be unable to authenticate and use the application, leading to a denial of service condition.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the ProficySCADA for iOS application. Specifically, an attacker or tester can input 257 bytes of repeated characters into the password field during login to see if the application crashes.'}, {'type': 'paragraph', 'content': "A practical detection method involves using a script to generate a buffer of 257 repeated characters (such as 'A'), copying this buffer to the clipboard, and then pasting it into the password field of the app. If the app crashes or fails to authenticate, the vulnerability is present."}, {'type': 'paragraph', 'content': 'For example, a Python script can be used to generate the payload:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*257)"'}, {'type': 'paragraph', 'content': 'Then copy the output to the clipboard and paste it into the password field of ProficySCADA on an iOS device during login.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local access to the ProficySCADA iOS application to trusted users only, as the attack requires local user interaction.
Additionally, avoid pasting or entering unusually long passwords (such as 257 repeated characters) into the password field to prevent triggering the denial of service.
Monitoring and controlling physical or remote access to devices running the vulnerable version of ProficySCADA can reduce the risk of exploitation.
Finally, check for updates or patches from the vendor and apply them once available to fix the vulnerability.