CVSS: 10.0EPSS: 10%CPEs: 8EXPL: 0CVE-2012-0229 – GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-0229
15 Mar 2012 — The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. El servicio Data Archiver service en GE Intelligent Platforms Proficy Historian v4.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código a ... • http://secunia.com/advisories/48369 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 15%CPEs: 4EXPL: 0CVE-2012-0232 – GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0232
15 Mar 2012 — Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. Vulnerabilidad de salto de directorio en rifsrvd.exe en Remote Interface Service en GE Intelligent Platforms Proficy Real-Time Information Portal v2.6, v3.0, v3.0 SP1, y v3.5, permite a atacantes remotos modificar la configuracíón a través de de cadenas manipuladas.... • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 8%CPEs: 6EXPL: 0CVE-2012-0231
https://notcve.org/view.php?id=CVE-2012-0231
15 Mar 2012 — PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. PRLicenseMgr.exe en Proficy Server License Manager en GE Intelligent Platforms Proficy Plant Applications v5.0 y anteriores permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar c... • http://secunia.com/advisories/48415 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2011-1919
https://notcve.org/view.php?id=CVE-2011-1919
02 Nov 2011 — Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. Múltiples desbordamientos de buffer basado ... • http://www.securityfocus.com/bid/50474 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 2EXPL: 0CVE-2011-1918 – GE Proficy Historian ihDataArchiver.exe Trusted Header Size Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1918
02 Nov 2011 — Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic. Desbordamiento de buffer de pila en el servicio "Data Archiver" de GE Intelligent Platforms Proficy Historian en versiones anteriores a la 3.5 SIM 17 y 4.x anteriores a 4.0 SIM 12. Permite a atacantes remotos provocar una denegac... • http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-3320
https://notcve.org/view.php?id=CVE-2011-3320
02 Nov 2011 — Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el componente Web Administrator en GE Intelligent Platforms Proficy Historian v4.x y anteriores, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro no especif... • http://www.securityfocus.com/bid/50473 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2009-0216
https://notcve.org/view.php?id=CVE-2009-0216
13 Feb 2009 — GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. GE Fanuc iFIX v5.0 y versiones anteriores utiliza una autenticación en el lado del cliente que involucra a un fichero de contraseña local con un cifrado débil, permite a atacantes remotos saltarse las restricciones de a... • http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2008-0174
https://notcve.org/view.php?id=CVE-2008-0174
29 Jan 2008 — GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. GE Fanuc Proficy Real-Time Information Portal 2.6 y versiones anteriores utiliza autenticación básica HTTP que transmite usuarios y contraseñas en texto en claro codificado base64 y permite a atacantes remotos robar las contraseñas y obtener priviliegios. • http://securityreason.com/securityalert/3590 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 0CVE-2008-0176
https://notcve.org/view.php?id=CVE-2008-0176
29 Jan 2008 — Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. Desbordamiento de búfer basado en montículo en w32rtr.exe de GE Fanuc CIMPLICITY HMI SCADA system 7.0 versiones anteriores a 7.0 SIM 9, y versiones anteriores a 6.1 SP6 Hot fix - 010708_162517_6106, permite a atacantes remotos ejecutar código de su elección mediante vector... • http://secunia.com/advisories/28663 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 48%CPEs: 1EXPL: 1CVE-2008-0175 – GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API
https://notcve.org/view.php?id=CVE-2008-0175
29 Jan 2008 — Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. Vulnerabilidad de subida de ficheros no restringida en GE Fanuc Proficy Real-Time Information Portal 2.6 y versiones anteriores permite a atacantes remotos ejecutar código de su elección al subir un fichero con una extensión ejecutable al directorio virtual principal. • https://www.exploit-db.com/exploits/6921 •