CVE-2012-0232 – GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2012-0232

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. Vulnerabilidad de salto de directorio en rifsrvd.exe en Remote Interface Service en GE Intelligent Platforms Proficy Real-Time Information Portal v2.6, v3.0, v3.0 SP1, y v3.5, permite a atacantes remotos modificar la configuracíón a través de de cadenas manipuladas. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Real-Time Information Portal. Authentication is not required to exploit this vulnerability. This specific flaw exists within the Remote Interface Service (rifsrvd.exe). The Remote Interface Service listens on TCP port 5159 by default. • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768 http://www.securityfocus.com/bid/52439 http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-03.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •