CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
96.2%
ICS-CERT originally released Advisory ICSA-11-243-03P on the US-CERT secure Portal on August 31, 2011. This web page release was delayed to allow users time to download and install the update.
ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning a stack-based buffer overflow vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver.
This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.
ICS-CERT has coordinated with GE Intelligent Platforms to validate this vulnerability, and GE Intelligent Platforms has created a patch to address the issue. ICS-CERT has verified that the patch fully resolves this issue.
This vulnerability affects the following GE Intelligent Platforms products:
A vulnerability exists in Proficy Historian that could cause the Historian Data Archiver service to crash and potentially allow an attacker to take control of a system running the affected software.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
Proficy Historian is a data historian that collects, archives, and distributes production information. According to GE, the Proficy Historian product is deployed across multiple industries worldwide.
CVE-2011-1918 has been assigned to this vulnerability.
A stack-based buffer overflow vulnerability exists as a result of the way that the Historian Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) processes incoming TCP/IP message traffic on Port 14000/TCP.
This vulnerability is remotely exploitable.
No publicly available exploits specifically targeting this vulnerability are known to exist.
Exploiting this vulnerability requires a moderate skill set.
GE Intelligent Platforms has released security advisories and free product updates Software Improvement Modules (SIMS) to address recently reported security vulnerabilities in Proficy software. GE Intelligent Platforms urges all customers to follow the recommendations in the security advisories, which can be found at http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14493. A valid GE SSO ID and Customer Service Number are required to access the advisories and updates.
The following product updates for Proficy Historian address this issue:
Note: Proficy SIMS are cumulative. All future SIMS will include these updates.
GE Intelligent Platforms has provided the following instructions for iFix and CIMPLICITY users:
iFIX and CIMPLICITY installations:
Option 1: If Proficy Historian is in use, refer to the information above for Historian SIM applications and apply the appropriate SIM (update) to the installed version of Proficy Historian.
Option 2: If Proficy Historian is not in use, uninstall Proficy Historian by following the instructions below:
In addition to applying the patch or uninstalling, ICS-CERT recommends that customers using the affected product should consider taking the following proactive measures to decrease the likelihood of successful exploitation of this vulnerability.
The Control Systems Security Program (CSSP) provides a recommended practices section for control system security on the CSSP web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking defensive measures.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
support.ge-ip.com/support/index?page=dwchannel&id=DN3696
support.ge-ip.com/support/index?page=dwchannel&id=DN3698
support.ge-ip.com/support/index?page=dwchannel&id=DN3706
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1918
cisasurvey.gov1.qualtrics.com/jfe/form/SV_9n4TtB8uttUPaM6?product=https://www.cisa.gov/news-events/ics-advisories/icsa-11-243-03a
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=GE%20Intelligent%20Platforms%20Proficy%20Historian%20Data%20Archiver%20Buffer%20Overflow%20Vulnerability%20%28Update%20A%29+https://www.cisa.gov/news-events/ics-advisories/icsa-11-243-03a
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-advisories/icsa-11-243-03a&title=GE%20Intelligent%20Platforms%20Proficy%20Historian%20Data%20Archiver%20Buffer%20Overflow%20Vulnerability%20%28Update%20A%29
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-advisories/icsa-11-243-03a
www.oig.dhs.gov/
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=GE%20Intelligent%20Platforms%20Proficy%20Historian%20Data%20Archiver%20Buffer%20Overflow%20Vulnerability%20%28Update%20A%29&body=www.cisa.gov/news-events/ics-advisories/icsa-11-243-03a