EUVD-2009-0225

Malware in sbrugna...

CVE-2009-0216

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...

Authentication flaw

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...

CVE-2009-0216

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...

CVE-2009-0216

CVE-2009-0216 affects GE Fanuc iFIX 5.0 and earlier. The vulnerability arises from client-side authentication that stores passwords in a locally shared file, using weak encryption, enabling a remote attacker to recover credentials and bypass access controls to start privileged server login sessio...

GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques

Overview Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Description GE Fanuc iFIX is SCADA client/server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows CE...

hooked_on_fanucs.rb.txt

$Id: hookedonfanucs.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ msfcli...

GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta)

No description provided by source. $Id: hookedonfanucs.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

GE Fanuc Real Time Information Portal 2.6 - writeFile() API (Metasploit)

GE Fanuc Real Time Information Portal 2.6 - writeFile API Metasploit $Id: hookedonfanucs.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta)

Exploit for unknown platform in category remote exploits ======================================================================== GE Fanuc Real Time Information Portal 2.6 writeFile API Exploit meta ======================================================================== $Id: hookedonfanucs.rb Th...

GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API (Metasploit)

$Id: hookedonfanucs.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/projects/Framework/ require 'msf/core'...

GE-Fanuc Proficy Real-Time Information Portal远程脚本上传及执行漏洞

BUGTRAQ ID: 27446 CVECAN ID: CVE-2008-0175 Proficy Real-Time Information Portal是一个基于Web的解决方案，将基于在线和过程的系统与厂级连接性、分析和人机界面器件集成起来。 Proficy Real-Time Information Portal在处理用户请求时存在漏洞，远程攻击者可能利用此漏洞控制服务器。 Proficy Real-Time Information Portal没有对Add WebSource执行正确的Java...

Unrestricted file upload

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory...

Heap overflow

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 0107081625176106, allow remote attackers to execute arbitrary code via unknown vectors...

Design/Logic Flaw

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...

CVE-2008-0176

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 0107081625176106, allow remote attackers to execute arbitrary code via unknown vectors...

CVE-2008-0174

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...

CVE-2008-0175

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory...

CVE-2008-0174

GE Fanuc Proficy Real-Time Information Portal (2.6 and earlier) uses HTTP Basic Authentication, transmitting usernames in cleartext and passwords in Base64, enabling credential theft and potential privilege gain via network interception. Affects Proficy Information Portal up to version 2.6. Remed...

CVE-2008-0175

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier is affected by an unrestricted file upload vulnerability via Add WebSource, exploitable to upload arbitrary files (including ASP) to the main virtual directory. Root cause is a faulty Java RMI call that lets an authenticated attacker s...