Release date:
Updated on:
Affected Systems:
General Electric Proficy HMI/SCADA-iFIX 5.1
General Electric Proficy HMI/SCADA-iFIX 5.0
General Electric Proficy Historian 4.5
General Electric Proficy Historian 4.0
General Electric Proficy Historian 3.5
General Electric Proficy Historian 3.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54215
CVE (CAN) ID: CVE-2012-2515, CVE-2012-2516
GE Proficy provides data collection, automated process control, and automated hardware products and services.
Multiple GE Proficy products contain remote stack buffer overflow and command injection vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary shell commands and arbitrary code in the context of applications that use the ActiveX controls.
<* Source: Andrea Micalizzi *>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
General Electric
----------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ge-ip.com/products/2420