Proficy SCADA for iOS Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Proficy SCADA for iOS, version 5.0.25920. This vulnerability allows attackers to crash the application by overwriting the password input field with 257 bytes of repeated characters. This manipulation triggers an application crash, disrupting the authentication process.

Impact

Exploitation of this vulnerability leads to a crash of the Proficy SCADA application, causing a denial-of-service condition where the application becomes unresponsive and authentication is disrupted.

Reproduction

To reproduce this vulnerability, first run a Python script that generates a buffer of 257 bytes of repeated characters. Copy this buffer into the clipboard, then open the Proficy SCADA app on an iPhone. When prompted to enter a password, paste the clipboard content into the password field. After adding a username and attempting to connect, the application will crash.