CVSS: 9.4, EPSS: 10%, CPEs: 4, EXPL: 0

Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Real-Time Information Portal. Authentication is not required to exploit this vulnerability. This specific flaw exists within the Remote Interface Service (rifsrvd.exe). The Remote Interface Service listens on TCP port 5159 by default.

• http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768
• http://www.securityfocus.com/bid/52439
• http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-03.pdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8, EPSS: 1%, CPEs: 1, EXPL: 0

GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.

• http://securityreason.com/securityalert/3590
• http://securitytracker.com/id?1019273
• http://support.gefanuc.com/support/index?page=kbchannel&id=KB12459
• http://www.kb.cert.org/vuls/id/180876
• http://www.securityfocus.com/archive/1/487075/100/0/threaded
• http://www.securityfocus.com/archive/1/487244/100/0/threaded
• http://www.securityfocus.com/bid/30754
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.5, EPSS: 42%, CPEs: 1, EXPL: 1

Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.

• https://www.exploit-db.com/exploits/6921
• http://secunia.com/advisories/28678
• http://securityreason.com/securityalert/3591
• http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
• http://www.kb.cert.org/vuls/id/339345
• http://www.securityfocus.com/archive/1/487079/100/0/threaded
• http://www.securityfocus.com/archive/1/487242/100/0/threaded
• http://www.securityfocus.com/bid/27446
• http://www.securitytracker.com/id?1019274
• http://www.vupen.com/english/advisories/2008/