ID

VAR-201312-0496


TITLE

Multiple GE Proficy Products Ethernet Interface Remote Buffer Overflow Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-14824

DESCRIPTION

GE Intelligent Platforms Proficy HMI/SCADA–iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. Multiple GE Proficy products have remote buffer overflow vulnerabilities in the implementation of their Ethernet interfaces. User input is not properly verified when Station Manager commands are processed, which allows an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Trust: 0.99

sources: CNVD: CNVD-2013-14824 // BID: 63945 // IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14824

AFFECTED PRODUCTS

vendor: general, model: electric rx7i cpu, scope: eq, version: 6.75

Trust: 1.2

vendor: general, model: electric rx7i cpu, scope: eq, version: 6.12

Trust: 1.2

vendor: general, model: electric rx7i hot standby cpu, scope: eq, version: 6.75

Trust: 0.9

vendor: general, model: electric rx7i hot standby cpu, scope: eq, version: 6.12

Trust: 0.9

vendor: general electric, model: pacsystems rx3i ethernet interface, scope: eq, version: 6.12

Trust: 0.8

vendor: general, model: electric rx7i ethernet module, scope: eq, version: 6.12

Trust: 0.3

vendor: general, model: electric pacsystems rx3i ethernet interface, scope: eq, version: 6.12

Trust: 0.3

vendor: general, model: electric ethernet niu, scope: eq, version: 90-306.12

Trust: 0.3

vendor: general, model: electric ethernet niu, scope: eq, version: 90-3012.71

Trust: 0.3

vendor: general, model: electric cpu374 plus, scope: eq, version: 90-306.12

Trust: 0.3

vendor: general, model: electric cpu374 plus, scope: eq, version: 90-3012.71

Trust: 0.3

vendor: general, model: electric cpu372 plus, scope: eq, version: 90-306.12

Trust: 0.3

vendor: general, model: electric cpu372 plus, scope: eq, version: 90-3012.71

Trust: 0.3

sources: IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14824 // BID: 63945

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-14824
value: MEDIUM

Trust: 0.6

IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-14824
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14824

THREAT TYPE

network

Trust: 0.3

sources: BID: 63945

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 63945

PATCH

title: Multiple GE Proficy Products Ethernet Interface Remote Buffer Overflow Vulnerability Patch, url: https://www.cnvd.org.cn/patchinfo/show/41400

Trust: 0.6

sources: CNVD: CNVD-2013-14824

EXTERNAL IDS

db: BID, id: 63945

Trust: 0.9

db: CNVD, id: CNVD-2013-14824

Trust: 0.8

db: OSVDB, id: 100327

Trust: 0.6

db: IVD, id: 9A8E8672-1EFA-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9a8e8672-1efa-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14824 // BID: 63945

REFERENCES

url:http://osvdb.org/100327

Trust: 0.6

url:http://www.ge.com/

Trust: 0.3

url:http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14872/en_us/geip12-08%20security%20advisory%20-%20buffer%20overflows%20on%20ethernet.pdf

Trust: 0.3

sources: CNVD: CNVD-2013-14824 // BID: 63945

CREDITS

Anonymous

Trust: 0.3

sources: BID: 63945

SOURCES

db: IVD, id: 9a8e8672-1efa-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-14824
db: BID, id: 63945

LAST UPDATE DATE

2022-05-17T01:41:25.015000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-14824, date: 2013-12-03T00:00:00
db: BID, id: 63945, date: 2012-04-24T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 9a8e8672-1efa-11e6-abef-000c29c66e3d, date: 2013-12-03T00:00:00
db: CNVD, id: CNVD-2013-14824, date: 2013-12-03T00:00:00
db: BID, id: 63945, date: 2012-04-24T00:00:00