What is the CVSS score of CVE-2020-37143?

CVE-2020-37143 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of SCADA are affected by CVE-2020-37143?

ProficySCADA iOS users are vulnerable to a denial-of-service attack that can crash the application through malicious password input, disrupting operational visibility and control of industrial…

Is there a public PoC exploit available for CVE-2020-37143?

Yes, a public proof-of-concept exploit is available for CVE-2020-37143. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2020-37143?

Within 24 hours: Inventory all ProficySCADA iOS deployments and restrict network access to trusted sources only. Within 7 days: Implement network segmentation to limit which systems can communicate with the application; evaluate switching to alternative HMI interfaces where available. Within 30 days: Contact Proficy for patch availability timeline and develop a migration plan if patch remains unavailable.

SCADA CVE-2020-37143

HIGH

Allocation of Resources Without Limits or Throttling (CWE-770)

2026-02-05 disclosure@vulncheck.com

SCADA Denial Of Service

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 05, 2026 - 20:47 vuln.today

Public exploit code

CVE Published

Feb 05, 2026 - 17:16 nvd

HIGH 7.5

DescriptionCVE.org

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.

AnalysisAI

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. [CVSS 7.5 HIGH]

Technical ContextAI

This vulnerability (CWE-770: Allocation of Resources Without Limits or Throttling) ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password field with 257 bytes of repeated characters to trigger an application crash and prevent successful authentication.

Affected ProductsAI

ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2020-37143 vulnerability details – vuln.today

Back

SCADA CVE-2020-37143

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code