Vulnerability CVE-2012-3026

Vulnerability CVE-2012-3026

Published: 2012-11-01 Modified: 2012-11-02

Description:

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
GE -> Intelligent platforms proficy real-time information portal

References:

http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

http://www.securityfocus.com/bid/55935

http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf

http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050

Vulnerability CVE-2012-3026

CWE-20

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Remote

Low

No required

Complete

Complete

Complete

Affected software

References: