KLA10300 ACE vulnerability in GE IP products

2012-07-0400:00:00

Kaspersky Lab

threats.kaspersky.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.91 High

EPSS

Percentile

98.9%

JSON

A buffer overflow was found in GE IP products. By exploiting this vulnerability malicious users can execute arbitrary code and commands. This vulnerability can be exploited remotely via a specially designed input.

Original advisories

GE IP bulletin

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Proficy-HMI-SCADA-iFIX

CVE list

CVE-2012-2515 critical

CVE-2012-2516 critical

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Proficy Historian versions 4.5, 4.0, 3.5, and 3.1Proficy HMI/SCADA – iFIX versions 5.1 and 5.0Proficy Pulse version 1.0Proficy Batch Execution version 5.6SI7 I/O Driver versions from 7.20 to 7.42

References

support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf

statistics.securelist.com/

threats.kaspersky.com/en/class/Exploit/

threats.kaspersky.com/en/product/Proficy-HMI-SCADA-iFIX/