CVE-2020-37143
Unknown Unknown - Not Provided

Denial of Service in ProficySCADA iOS via Password Field Overflow

Vulnerability report for CVE-2020-37143, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-05

Last updated on: 2026-02-05

Assigner: VulnCheck

Description

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-05
Last Modified
2026-02-05
Generated
2026-07-06
AI Q&A
2026-02-05
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gefanuc proficyscada 5.0.25920

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

I don't know

Executive Summary

CVE-2020-37143 is a denial of service vulnerability in ProficySCADA for iOS version 5.0.25920 and earlier. It occurs because the application does not properly limit or throttle the input length in the password field.

An attacker can exploit this by entering 257 bytes of repeated characters into the password field, which causes the application to crash and prevents successful authentication.

Impact Analysis

This vulnerability can impact users by causing the ProficySCADA application to crash when a specially crafted password input is entered.

As a result, legitimate users may be unable to authenticate and use the application, leading to a denial of service condition.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the ProficySCADA for iOS application. Specifically, an attacker or tester can input 257 bytes of repeated characters into the password field during login to see if the application crashes.'}, {'type': 'paragraph', 'content': "A practical detection method involves using a script to generate a buffer of 257 repeated characters (such as 'A'), copying this buffer to the clipboard, and then pasting it into the password field of the app. If the app crashes or fails to authenticate, the vulnerability is present."}, {'type': 'paragraph', 'content': 'For example, a Python script can be used to generate the payload:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*257)"'}, {'type': 'paragraph', 'content': 'Then copy the output to the clipboard and paste it into the password field of ProficySCADA on an iOS device during login.'}] [2]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the ProficySCADA iOS application to trusted users only, as the attack requires local user interaction.

Additionally, avoid pasting or entering unusually long passwords (such as 257 repeated characters) into the password field to prevent triggering the denial of service.

Monitoring and controlling physical or remote access to devices running the vulnerable version of ProficySCADA can reduce the risk of exploitation.

Finally, check for updates or patches from the vendor and apply them once available to fix the vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37143. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart