Lucene search

IcscertCVE-2012-3010

HistoryNov 01, 2012 - 10:44 a.m.

CVE-2012-3010

2012-11-0110:44:45

CWE-20

icscert

web.nvd.nist.gov

cve-2012-3010

rifsrvd.exe

remote interface service

ge intelligent platforms

proficy real-time information portal

denial of service

memory corruption

service crash

arbitrary code

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.

Affected configurations

Nvd

Node

geintelligent_platforms_proficy_real-time_information_portalMatch2.6

geintelligent_platforms_proficy_real-time_information_portalMatch3.0

geintelligent_platforms_proficy_real-time_information_portalMatch3.0sp1

geintelligent_platforms_proficy_real-time_information_portalMatch3.5

geintelligent_platforms_proficy_real-time_information_portalMatch3.5sp1

VendorProductVersionCPE
geintelligent_platforms_proficy_real-time_information_portal2.6cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*
geintelligent_platforms_proficy_real-time_information_portal3.0cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*
geintelligent_platforms_proficy_real-time_information_portal3.0cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*
geintelligent_platforms_proficy_real-time_information_portal3.5cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*
geintelligent_platforms_proficy_real-time_information_portal3.5cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
ge	intelligent_platforms_proficy_real-time_information_portal	2.6	cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:::::::*
ge	intelligent_platforms_proficy_real-time_information_portal	3.0	cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:::::::*
ge	intelligent_platforms_proficy_real-time_information_portal	3.0	cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1::::::
ge	intelligent_platforms_proficy_real-time_information_portal	3.5	cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:::::::*
ge	intelligent_platforms_proficy_real-time_information_portal	3.5	cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1::::::

References

support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050

support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf

www.securityfocus.com/bid/55935

www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.047

Percentile

92.7%

JSON

Related for CVE-2012-3010