Details of VAR-200801-0247

ID

VAR-200801-0247

CVE

CVE-2008-0174

TITLE

GE Fanuc Proficy Real-Time Information Portal Sensitive Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: 0642781e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200801-408

DESCRIPTION

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. GE Fanuc Proficy Information Portal , the authentication information is sent in clear text. The attacker obtains authentication information by intercepting this communication, Portal may be invaded. GE Fanuc Proficy Information Portal is a web-based system status reporting system that connects production information systems and inter-company networks and handles data such as production information in an integrated manner online. this Proficy Information Portal Because the credentials are sent in clear text, it is possible for an attacker to intercept this communication and obtain the credentials.Credentials may be obtained by an attacker who can intercept communications. Information obtained may lead to further attacks. Background ----------------- GE-Fanuc's Proficy Information Portal 2.6 is a web based reporting application for the SCADA environment. As such it will usually be installed in a buffer zone between the SCADA and the corporate network, which makes it a very sensitive application as it can access both networks. Description ---------------- The login process of Proficy involves sending the username in cleartext and the password in Base64 encoded format. Workaround/Fix ----------------------- The vendor issued a KB article on how to resolve this vulnerability at the GE-Fanuc website, yet the proposed solution was not verified by C4. Additional Information ------------------------------- For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174 Credit --------- This vulnerability was discovered by Eyal Udassin of C4. Regards, Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel eyal.udassin@c4-security.com / www.c4-security.com <http://www.c4-security.com/> +972-547-684989

Trust: 2.88

sources: NVD: CVE-2008-0174 // CERT/CC: VU#180876 // JVNDB: JVNDB-2008-001053 // BID: 30754 // IVD: 0642781e-2352-11e6-abef-000c29c66e3d // PACKETSTORM: 63006

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 0642781e-2352-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	ge	model:	proficy real-time information portal	scope:	lte	version:	2.6	Trust: 1.0
vendor:	ge fanuc	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	ge fanuc	model:	proficy real-time information portal	scope:	lte	version:	2.6 and earlier	Trust: 0.8
vendor:	ge fanuc	model:	proficy real-time information portal	scope:	eq	version:	-	Trust: 0.8
vendor:	ge fanuc	model:	proficy real-time information portal	scope:	eq	version:	2.6	Trust: 0.6
vendor:	ge	model:	fanuc proficy real-time information portal	scope:	eq	version:	2.6	Trust: 0.3
vendor:	proficy real time information portal	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 0642781e-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#180876 // BID: 30754 // JVNDB: JVNDB-2008-001053 // CNNVD: CNNVD-200801-408 // NVD: CVE-2008-0174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-0174
value:	CRITICAL
Trust: 1.0
CARNEGIE MELLON:	VU#180876
value:	0.17
Trust: 0.8
NVD:	CVE-2008-0174
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-200801-408
value:	MEDIUM
Trust: 0.6
IVD:	0642781e-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2008-0174
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	0642781e-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2008-0174
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2008-0174
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 0642781e-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#180876 // JVNDB: JVNDB-2008-001053 // CNNVD: CNNVD-200801-408 // NVD: CVE-2008-0174

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.0
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2008-001053 // NVD: CVE-2008-0174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-408

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-200801-408

PATCH

title:

KB12459 GE Fanuc

url:

http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459

Trust: 0.8

sources: JVNDB: JVNDB-2008-001053

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0174	Trust: 3.8
db:	CERT/CC	id:	VU#180876	Trust: 2.6
db:	SECTRACK	id:	1019273	Trust: 2.4
db:	BID	id:	30754	Trust: 1.9
db:	SREASON	id:	3590	Trust: 1.6
db:	CNNVD	id:	CNNVD-200801-408	Trust: 0.8
db:	EXPLOIT-DB	id:	6921	Trust: 0.8
db:	JVNDB	id:	JVNDB-2008-001053	Trust: 0.8
db:	BUGTRAQ	id:	20080129 RE: C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 AUTHENTICATION VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20080125 C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 AUTHENTICATION VULNERABILITY	Trust: 0.6
db:	IVD	id:	0642781E-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	63006	Trust: 0.1

sources: IVD: 0642781e-2352-11e6-abef-000c29c66e3d // CERT/CC: VU#180876 // BID: 30754 // JVNDB: JVNDB-2008-001053 // PACKETSTORM: 63006 // CNNVD: CNNVD-200801-408 // NVD: CVE-2008-0174

REFERENCES

url:	http://support.gefanuc.com/support/index?page=kbchannel&id=kb12459	Trust: 2.7
url:	http://securitytracker.com/id?1019273	Trust: 2.4
url:	http://www.kb.cert.org/vuls/id/180876	Trust: 1.8
url:	http://www.securityfocus.com/bid/30754	Trust: 1.6
url:	http://securityreason.com/securityalert/3590	Trust: 1.6
url:	http://www.securityfocus.com/archive/1/487075/100/0/threaded	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/487244/100/0/threaded	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/487075/30/0/threaded	Trust: 0.8
url:	http://support.microsoft.com/kb/324274	Trust: 0.8
url:	http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/iis/36ea667e-c578-43b5-87fa-a2f174efb27a.mspx	Trust: 0.8
url:	http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/iis/523ae943-5e6a-4200-9103-9808baa00157.mspx	Trust: 0.8
url:	http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html	Trust: 0.8
url:	http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/sslinfo.html	Trust: 0.8
url:	http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/index.html	Trust: 0.8
url:	http://www.digitalmunition.com/hooked_on_fanucs.rb	Trust: 0.8
url:	http://www.digitalmunition.com/rtipsniff.rb	Trust: 0.8
url:	http://www.milw0rm.com/exploits/6921	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu%23180876/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0174	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/487075/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/487244/100/0/threaded	Trust: 0.6
url:	http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html	Trust: 0.3
url:	/archive/1/487075	Trust: 0.3
url:	http://www.c4-security.com/>	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0174	Trust: 0.1

sources: CERT/CC: VU#180876 // BID: 30754 // JVNDB: JVNDB-2008-001053 // PACKETSTORM: 63006 // CNNVD: CNNVD-200801-408 // NVD: CVE-2008-0174

CREDITS

Trust: 0.9

sources: BID: 30754 // CNNVD: CNNVD-200801-408

SOURCES

db:	IVD	id:	0642781e-2352-11e6-abef-000c29c66e3d
db:	CERT/CC	id:	VU#180876
db:	BID	id:	30754
db:	JVNDB	id:	JVNDB-2008-001053
db:	PACKETSTORM	id:	63006
db:	CNNVD	id:	CNNVD-200801-408
db:	NVD	id:	CVE-2008-0174

LAST UPDATE DATE

2025-04-10T23:25:42.523000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#180876	date:	2008-11-13T00:00:00
db:	BID	id:	30754	date:	2008-11-10T16:45:00
db:	JVNDB	id:	JVNDB-2008-001053	date:	2024-03-01T04:50:00
db:	CNNVD	id:	CNNVD-200801-408	date:	2008-09-11T00:00:00
db:	NVD	id:	CVE-2008-0174	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	0642781e-2352-11e6-abef-000c29c66e3d	date:	2008-01-28T00:00:00
db:	CERT/CC	id:	VU#180876	date:	2008-01-25T00:00:00
db:	BID	id:	30754	date:	2008-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2008-001053	date:	2008-02-07T00:00:00
db:	PACKETSTORM	id:	63006	date:	2008-01-26T00:14:33
db:	CNNVD	id:	CNNVD-200801-408	date:	2008-01-28T00:00:00
db:	NVD	id:	CVE-2008-0174	date:	2008-01-29T02:00:00