CVE-2011-4518

MICROSYS PROMOTIC < 8.1.5 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4518.

AI-analyzed exploit summary The document describes a remote code execution vulnerability in Microsys PROMOTIC SCADA software (version 8.1.4) due to an uninitialized pointer in the GetPromoticSite method of the PmTable.ocx ActiveX control. The vulnerability requires user interaction for exploitation, and no fix is available.

Description

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/18049

The document describes a remote code execution vulnerability in Microsys PROMOTIC SCADA software (version 8.1.4) due to an uninitialized pointer in the GetPromoticSite method of the PmTable.ocx ActiveX control. The vulnerability requires user interaction for exploitation, and no fix is available.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsys PROMOTIC 8.1.4
No auth needed
Prerequisites: User interaction to execute ActiveX control
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Various Sources x_refsource_confirm
http://www.promotic.eu/en/pmdoc/News.htm#ver80105
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-12-024-02

Scores

EPSS 0.2638
EPSS Percentile 97.7%

Details

CWE
CWE-22
Status published
Products (19)
microsys/promotic 8.0.0
microsys/promotic 8.0.1
microsys/promotic 8.0.2
microsys/promotic 8.0.3
microsys/promotic 8.0.4
microsys/promotic 8.0.5
microsys/promotic 8.0.6
microsys/promotic 8.0.7
microsys/promotic 8.0.8
microsys/promotic 8.0.9
... and 9 more
Published May 23, 2013
Tracked Since Feb 18, 2026