CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0651
https://notcve.org/view.php?id=CVE-2013-0651
27 Jan 2013 — The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. El proceso de instalación de GE Intelligent Platforms Proficy Real-Time Information Portal almacena información sensible bajo la raíz Web con control de acceso insuficientes, lo que permite a atacantes remotos leer... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2013-0653 – GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
https://notcve.org/view.php?id=CVE-2013-0653
27 Jan 2013 — Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. Vulnerabilidad de salto de directorio en substitute.bcl en el subsistema WebView CimWeb en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos le... • https://packetstorm.news/files/id/180783 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0654
https://notcve.org/view.php?id=CVE-2013-0654
27 Jan 2013 — CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. CimWebServer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos ejecutar comandos arbitrarios o causar una denegación de servicio (caída del demonio) a través de ... • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2012-4689
https://notcve.org/view.php?id=CVE-2012-4689
17 Jan 2013 — Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. Un desbordamiento de entero en CimWebServer.exe en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 hasta la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a... • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2012-3021
https://notcve.org/view.php?id=CVE-2012-3021
01 Nov 2012 — rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. rifsrvd.exe en la interfaz de servicio remoto en GE Intelligent Platforms Proficy Real-Time Information Portal v2.6 a v3.5 SP1 permite a atacantes remotos provocar una dene... • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2012-3010
https://notcve.org/view.php?id=CVE-2012-3010
01 Nov 2012 — rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. rifsrvd.exe en la interfaz de servicio remoto en GE Intelligent Platforms Proficy Real-Time Information Portal v2.6 a v3.5 SP1 permite a atacantes remotos provocar una dene... • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2012-3026
https://notcve.org/view.php?id=CVE-2012-3026
01 Nov 2012 — rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. rifsrvd.exe en la interfaz de servicio remoto en GE Intelligent Platforms Proficy Real-Time Information Portal v2.6 a v3.5 SP1 permite a atacantes remotos provocar una dene... • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 81%CPEs: 10EXPL: 1CVE-2012-2516 – GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2516
05 Jul 2012 — An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." Un control ActiveX en KeyHelp.ocx en KeyWorks KeyHelp Module (también conocido como... • https://www.exploit-db.com/exploits/21888 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 85%CPEs: 12EXPL: 2CVE-2012-2515
https://notcve.org/view.php?id=CVE-2012-2515
05 Jul 2012 — Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O ... • http://retrogod.altervista.org/9sg_emc_keyhelp.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 6EXPL: 0CVE-2012-0230
https://notcve.org/view.php?id=CVE-2012-0230
15 Mar 2012 — PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299. PRLicenseMgr.exe en Proficy Server License Manager en GE Intelligent Platforms Proficy Plant Applications v5.0 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código a tr... • http://secunia.com/advisories/48415 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •