Sign-up

ID

VAR-201203-0281


CVE

CVE-2012-0232


TITLE

GE Proficy Real-Time Information Portal 'rifsrvd.exe' Directory Traversal Vulnerability

Trust: 1.1

sources: IVD: 047facac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1310 // BID: 52439

DESCRIPTION

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. Authentication is not required to exploit this vulnerability.This specific flaw exists within the Remote Interface Service (rifsrvd.exe). The Remote Interface Service listens on TCP port 5159 by default. The process does not sufficiently validate two input strings that are used to create a configuration file on the server. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed ID_SAVE_SRVC_CFG message packets to the target, which could ultimately lead to remote code execution under the context of the SYSTEM user. GE Proficy Real-Time Information Portal is a web-based production data visualization analysis tool. Verification, which allows an attacker to create a new file or overwrite an existing file or inject text into the file. Exploiting the issue may allow an attacker to overwrite arbitrary files on the affected system. This could aid in further attacks. - -- Vendor Response: GE has issued an update to correct this vulnerability. More details can be found at: http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768 - -- Disclosure Timeline: 2011-10-17 - Vulnerability reported to vendor 2012-08-22 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Luigi Auriemma - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUDT+zlVtgMGTo1scAQKDJAf/eocBDbik7+EJStiu8UIZ5cFL0Rh4dpl9 i+rz9uc/CcYUUfTthpX02GRclDb7PsuKrgxA1mj8a/1D21hfNPUMAVkKvgFDM02e oPBBv9Rn2i7w3KPpJ0NFsJHXP/yqeuP/D1ead+JoAPycFSToFmcm3ZZ8SXKHLLLH SWmqcf+SGRrvzjLrqZZceGpKJJhS7SSwLyhdT3XUKYeiQBcCsx2XgrhgMBR+uSDm 9KvvqU1tAPXUF6f2h+pIshwD5T/r6YkYFgBl7IkaqKV+e0QlurIa2lUOEajLTPVp jTksxLAx75ohmSpuII+MQXzqxgoc7FMCvF0Seh7NjtTamJiUL0v59Q== =2JFM -----END PGP SIGNATURE-----

Trust: 3.33

sources: NVD: CVE-2012-0232 // JVNDB: JVNDB-2012-001805 // ZDI: ZDI-12-148 // CNVD: CNVD-2012-1310 // BID: 52439 // IVD: 047facac-2354-11e6-abef-000c29c66e3d // PACKETSTORM: 115784

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 047facac-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-1310

AFFECTED PRODUCTS

vendor:gemodel:intelligent platforms proficy real-time information portalscope:eqversion:2.6

Trust: 1.6

vendor:gemodel:intelligent platforms proficy real-time information portalscope:eqversion:3.5

Trust: 1.6

vendor:gemodel:intelligent platforms proficy real-time information portalscope:eqversion:3.0

Trust: 1.6

vendor:generalmodel:electric proficy real-time information portalscope:eqversion:2.6

Trust: 0.9

vendor:generalmodel:electric proficy real-time information portalscope:eqversion:3.0

Trust: 0.9

vendor:generalmodel:electric proficy real-time information portal sp1scope:eqversion:3.0

Trust: 0.9

vendor:generalmodel:electric proficy real-time information portalscope:eqversion:3.5

Trust: 0.9

vendor:general electricmodel:proficy real-time information portalscope:eqversion:2.6

Trust: 0.8

vendor:general electricmodel:proficy real-time information portalscope:eqversion:3.0

Trust: 0.8

vendor:general electricmodel:proficy real-time information portalscope:eqversion:3.0 sp1

Trust: 0.8

vendor:general electricmodel:proficy real-time information portalscope:eqversion:3.5

Trust: 0.8

vendor:gemodel:proficy real-time information portalscope: - version: -

Trust: 0.7

vendor:intelligent platforms proficy real time information portalmodel: - scope:eqversion:3.0

Trust: 0.4

vendor:generalmodel:electric proficy real-time information portalscope:neversion:2.5

Trust: 0.3

vendor:intelligent platforms proficy real time information portalmodel: - scope:eqversion:2.6

Trust: 0.2

vendor:intelligent platforms proficy real time information portalmodel: - scope:eqversion:3.5

Trust: 0.2

sources: IVD: 047facac-2354-11e6-abef-000c29c66e3d // ZDI: ZDI-12-148 // CNVD: CNVD-2012-1310 // BID: 52439 // JVNDB: JVNDB-2012-001805 // CNNVD: CNNVD-201203-252 // NVD: CVE-2012-0232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0232
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0232
value: MEDIUM

Trust: 0.8

ZDI: CVE-2012-0232
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201203-252
value: MEDIUM

Trust: 0.6

IVD: 047facac-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2012-0232
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2012-0232
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

IVD: 047facac-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 047facac-2354-11e6-abef-000c29c66e3d // ZDI: ZDI-12-148 // JVNDB: JVNDB-2012-001805 // CNNVD: CNNVD-201203-252 // NVD: CVE-2012-0232

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2012-001805 // NVD: CVE-2012-0232

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 115784 // CNNVD: CNNVD-201203-252

TYPE

Path traversal

Trust: 0.8

sources: IVD: 047facac-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201203-252

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-001805

PATCH
title:GEIP12-03url:http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768
Trust: 1.5
title:Top Pageurl:http://www.ge-ip.com
Trust: 0.8
title:partnerurl:http://www.ge-ip.co.jp/partner.html
Trust: 0.8
title:Top Pageurl:http://www.ge-ip.co.jp
Trust: 0.8
title:GE Proficy Real-Time Information Portal 'rifsrvd.exe' directory traversal vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/13351
Trust: 0.6
sources:
            
            
            ZDI: ZDI-12-148 // 
            
            
            
            CNVD: CNVD-2012-1310 // 
            
            
            
            JVNDB: JVNDB-2012-001805

EXTERNAL IDS
db:NVDid:CVE-2012-0232
Trust: 4.3
db:ICS CERTid:ICSA-12-032-03
Trust: 3.3
db:BIDid:52439
Trust: 1.9
db:ZDIid:ZDI-12-148
Trust: 1.1
db:CNVDid:CNVD-2012-1310
Trust: 0.8
db:CNNVDid:CNNVD-201203-252
Trust: 0.8
db:JVNDBid:JVNDB-2012-001805
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-1419
Trust: 0.7
db:NSFOCUSid:19060
Trust: 0.6
db:IVDid:047FACAC-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:115784
Trust: 0.1
sources:
            
            
            IVD: 047facac-2354-11e6-abef-000c29c66e3d // 
            
            
            
            ZDI: ZDI-12-148 // 
            
            
            
            CNVD: CNVD-2012-1310 // 
            
            
            
            BID: 52439 // 
            
            
            
            JVNDB: JVNDB-2012-001805 // 
            
            
            
            PACKETSTORM: 115784 // 
            
            
            
            CNNVD: CNNVD-201203-252 // 
            
            
            
            NVD: CVE-2012-0232

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-12-032-03.pdf
Trust: 3.3
url:http://support.ge-ip.com/support/index?page=kbchannel&id=s:kb14768
Trust: 2.4
url:http://www.securityfocus.com/bid/52439
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0232
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0232
Trust: 0.8
url:http://www.nsfocus.net/vulndb/19060
Trust: 0.6
url:http://www.ge-ip.com/products/2811
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/zdi-12-148/
Trust: 0.3
url:http://www.zerodayinitiative.com/advisories/disclosure_policy/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-0232
Trust: 0.1
url:http://twitter.com/thezdi
Trust: 0.1
url:http://www.tippingpoint.com
Trust: 0.1
url:http://www.zerodayinitiative.com
Trust: 0.1
url:http://www.zerodayinitiative.com/advisories/zdi-12-148
Trust: 0.1
sources:
            
            
            ZDI: ZDI-12-148 // 
            
            
            
            CNVD: CNVD-2012-1310 // 
            
            
            
            BID: 52439 // 
            
            
            
            JVNDB: JVNDB-2012-001805 // 
            
            
            
            PACKETSTORM: 115784 // 
            
            
            
            CNNVD: CNNVD-201203-252 // 
            
            
            
            NVD: CVE-2012-0232

CREDITS
Luigi Auriemma
Trust: 1.6
sources:
            
            
            ZDI: ZDI-12-148 // 
            
            
            
            BID: 52439 // 
            
            
            
            CNNVD: CNNVD-201203-252

SOURCES
db:IVDid:047facac-2354-11e6-abef-000c29c66e3d
db:ZDIid:ZDI-12-148
db:CNVDid:CNVD-2012-1310
db:BIDid:52439
db:JVNDBid:JVNDB-2012-001805
db:PACKETSTORMid:115784
db:CNNVDid:CNNVD-201203-252
db:NVDid:CVE-2012-0232

LAST UPDATE DATE
2025-04-11T23:04:14.410000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-12-148date:2012-08-22T00:00:00
db:CNVDid:CNVD-2012-1310date:2012-03-15T00:00:00
db:BIDid:52439date:2012-08-22T17:55:00
db:JVNDBid:JVNDB-2012-001805date:2012-03-19T00:00:00
db:CNNVDid:CNNVD-201203-252date:2012-03-15T00:00:00
db:NVDid:CVE-2012-0232date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:047facac-2354-11e6-abef-000c29c66e3ddate:2012-03-15T00:00:00
db:ZDIid:ZDI-12-148date:2012-08-22T00:00:00
db:CNVDid:CNVD-2012-1310date:2012-03-15T00:00:00
db:BIDid:52439date:2012-03-13T00:00:00
db:JVNDBid:JVNDB-2012-001805date:2012-03-19T00:00:00
db:PACKETSTORMid:115784date:2012-08-23T01:55:10
db:CNNVDid:CNNVD-201203-252date:2012-03-15T00:00:00
db:NVDid:CVE-2012-0232date:2012-03-15T18:55:00.853