Release date:
Updated on: 2013-07-30
Affected Systems:
GE-IP Proficy CIMPLICITY
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61469
CVE (CAN) ID: CVE-2013-2785
GE Proficy CIMPLICITY is a client/server business visualization and control solution.
The CimWebServer component of GE Proficy CIMPLICITY has a remote code execution vulnerability. User input in the szOptions field is not properly bounds-checked, which leads to stack corruption. Attackers can exploit this vulnerability to execute arbitrary code in the context of the process.
<* Source: ZombiE
Amisto0x07
Link: http://www.zerodayinitiative.com/advisories/ZDI-13-181/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
GE-IP
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602