CVE-2009-0216
https://notcve.org/view.php?id=CVE-2009-0216
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module. GE Fanuc iFIX v5.0 y versiones anteriores utiliza una autenticación en el lado del cliente que involucra a un fichero de contraseña local con un cifrado débil, permite a atacantes remotos saltarse las restricciones de acceso implementadas e iniciar sesiones de inicio en servidores privilegiados al recuperar una contraseña o usando un módulo de programa modificado. • http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search http://www.kb.cert.org/vuls/id/310355 http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355 http://www.securityfocus.com/bid/33739 https://exchange.xforce.ibmcloud.com/vulnerabilities/48691 • CWE-255: Credentials Management Errors •
CVE-2008-0175 – GE Fanuc Real Time Information Portal 2.6 - 'writeFile()' API
https://notcve.org/view.php?id=CVE-2008-0175
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. Vulnerabilidad de subida de ficheros no restringida en GE Fanuc Proficy Real-Time Information Portal 2.6 y versiones anteriores permite a atacantes remotos ejecutar código de su elección al subir un fichero con una extensión ejecutable al directorio virtual principal. • https://www.exploit-db.com/exploits/6921 http://secunia.com/advisories/28678 http://securityreason.com/securityalert/3591 http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460 http://www.kb.cert.org/vuls/id/339345 http://www.securityfocus.com/archive/1/487079/100/0/threaded http://www.securityfocus.com/archive/1/487242/100/0/threaded http://www.securityfocus.com/bid/27446 http://www.securitytracker.com/id?1019274 http://www.vupen.com/english/advisories/2008/ •
CVE-2008-0176
https://notcve.org/view.php?id=CVE-2008-0176
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. Desbordamiento de búfer basado en montículo en w32rtr.exe de GE Fanuc CIMPLICITY HMI SCADA system 7.0 versiones anteriores a 7.0 SIM 9, y versiones anteriores a 6.1 SP6 Hot fix - 010708_162517_6106, permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos. • http://secunia.com/advisories/28663 http://securityreason.com/securityalert/3592 http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458 http://www.kb.cert.org/vuls/id/308556 http://www.securityfocus.com/archive/1/487076/100/0/threaded http://www.securityfocus.com/archive/1/487241/100/0/threaded http://www.securityfocus.com/bid/27447 http://www.securitytracker.com/id?1019275 http://www.vupen.com/english/advisories/2008/0306 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •