CVE-2019-25349

HIGH

ScadaApp for iOS 1.1.4.0 - Denial of Service via Servername Field Buffer Overflow

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25349. PoCs published by Luis Martínez.

AI-analyzed exploit summary: This PoC exploits a local Denial of Service (DoS) vulnerability in scadaApp for iOS 1.1.4.0 by sending a 257-byte buffer of 'A' characters to the 'Servername' field, causing the application to crash. The exploit requires manual steps to trigger the crash, including pasting the buffer into the app's login form.

Description

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.

Exploits (1)

exploitdb WORKING POC
by Luis Martínez · python · dos · ios
https://www.exploit-db.com/exploits/47678

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: scadaApp for iOS 1.1.4.0
Auth required
Prerequisites: Python to generate the payload · Access to the scadaApp login interface · Clipboard access to paste the payload
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47678

Scores

CVSS v3: 7.5
EPSS: 0.0024
EPSS Percentile: 14.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-120
Status: published
Published: Feb 18, 2026
Tracked Since: Feb 19, 2026