CVE-2013-2823
https://notcve.org/view.php?id=CVE-2013-2823
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
• http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
• http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
• CWE-20: Improper Input Validation
CVE-2013-2811
https://notcve.org/view.php?id=CVE-2013-2811
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
• http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
• http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
• CWE-20: Improper Input Validation
CVE-2012-2516 – GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2516
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the KeyHelp.ocx ActiveX control.
• https://www.exploit-db.com/exploits/21888
• http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
• http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-2515
https://notcve.org/view.php?id=CVE-2012-2515
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
• http://retrogod.altervista.org/9sg_emc_keyhelp.html
• http://secunia.com/advisories/36905
• http://secunia.com/advisories/36914
• http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
• http://www.securityfocus.com/bid/36546
• http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf
• http://www.vupen.com/english/advisories/2009/2793
• http://www.vupen.com/english/advisories&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0216
https://notcve.org/view.php?id=CVE-2009-0216
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
• http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search
• http://www.kb.cert.org/vuls/id/310355
• http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355
• http://www.securityfocus.com/bid/33739
• https://exchange.xforce.ibmcloud.com/vulnerabilities/48691
• CWE-255: Credentials Management Errors