Computer Security
[EN] securityvulns.ru no-pyccku


GE Intelligent Platforms Proficy Historian code execution
Published:13.08.2012
Source:
SecurityVulns ID:12504
Type:client
Threat Level:
6/10
Description:Multiple Data Archiver (TCP/14000) service memory corruptions.
Affected:GE : Proficy Historian 4.5
CVE:CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.)
 CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.)
Original documentdocumentZDI, ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities (13.08.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod