VAR-200801-0248
Vulnerability from variot - Updated: 2025-04-10 23:00
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. An attacker can run an executable server-side script (for example, an ASP shell on Windows Internet Information Server) or execute arbitrary commands with the web server's execution privileges. GE Fanuc Proficy Information Portal is a web-based system status reporting system that connects production information systems and inter-enterprise networks and handles data such as production information online. This action could allow an attacker to access a vulnerable production information system.
The Proficy Real-Time Information Portal has a vulnerability in processing user requests, and remote attackers could use this vulnerability to control the server.
Proficy Real-Time Information Portal does not correctly handle the Java RMI call to Add WebSource: the user can set the name and path of the file location, and another parameter carries the file itself as base64-encoded content. A successful exploit can allow an attacker to upload arbitrary scripts and execute them in the context of the application. Proficy Real Time Information Portal 2.6 is vulnerable; other versions may also be affected.
Background
GE-Fanuc's Proficy Information Portal 2.6 is a web-based reporting application for the SCADA environment. As such it will usually be installed in a buffer zone between the SCADA and the corporate network, which makes it a very sensitive application as it can reach both networks.
Impact
An authenticated attacker can compromise the server running Proficy Information Portal, enabling him to progress to the control/process network.
Workaround/Fix
Vendor fix will be available by Feb 15th. A possible workaround is to remove the write permission of the IIS user from the Proficy directory.
Additional Information
For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175.
Credit
This vulnerability was discovered and exploited by Eyal Udassin of C4.
Regards,
Eyal Udassin - C4 (Formerly Swift Coders)
33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel
eyal.udassin@c4-security.com / www.c4-security.com
+972-547-684989
TITLE: Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability
SECUNIA ADVISORY ID: SA28678
VERIFY ADVISORY: http://secunia.com/advisories/28678/
CRITICAL: Less critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: Proficy Real-Time Information Portal 2.x http://secunia.com/product/17343/
DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy Real-Time Information Portal, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to an error in the "Add WebSource" feature when handling file uploads. This can be exploited to e.g.
The vulnerability is reported in version 2.6. Other versions may also be affected.
SOLUTION: The vendor will reportedly release a SIM (Software Improvement Module) by February 15, 2008.
PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security
ORIGINAL ADVISORY: GE Fanuc (KB12460): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html
OTHER REFERENCES: US-CERT VU#339345: http://www.kb.cert.org/vuls/id/339345
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0248",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proficy real-time information portal",
"scope": "lte",
"trust": 1.8,
"vendor": "ge fanuc",
"version": "2.6"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ge fanuc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "proficy real-time information portal",
"scope": "eq",
"trust": 0.6,
"vendor": "ge fanuc",
"version": "2.6"
},
{
"model": "fanuc proficy real-time information portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.6"
},
{
"model": "fanuc proficy real-time information portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "proficy real time information portal",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge_fanuc:proficy_real-time_information_portal",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eyal Udassin of C4",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0175",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-0175",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "06837a6c-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-0175",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#339345",
"trust": 0.8,
"value": "0.84"
},
{
"author": "NVD",
"id": "CVE-2008-0175",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-409",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory. An attacker can run an executable server-side script ( Example: Windows Internet Information Server of ASP shell Etc.) or execute arbitrary commands with web server execution privileges. GE Fanuc Proficy Information Portal Is a web-based system status reporting system that connects production information systems and inter-enterprise networks and handles data such as production information online. This action could allow an attacker to access a vulnerable production information system. \n\n\u00a0The Proficy Real-Time Information Portal has a vulnerability in processing user requests, and remote attackers could use this vulnerability to control the server. \n\n\u00a0Proficy Real-Time Information Portal does not perform the correct Java RMI call to Add WebSource, allowing the user to set the name and path of the file location, and another parameter of the file itself is the base64-encoded content. \nA successful exploit can allow an attacker to upload arbitrary scripts and execute them in the context of the application. \nProficy Real Time Information Portal 2.6 is vulnerable; other versions may also be affected. Background\n-----------------\nGE-Fanuc\u0027s Proficy Information Portal 2.6 is a web based reporting\napplication for the SCADA environment. As such it will usually be installed\nin a buffer zone between the SCADA and the corporate network, which makes it\na very sensitive application as it can reach both networks. \n\nImpact\n----------\nAn authenticated attacker can compromise the server running Proficy\nInformation Portal, enabling him to progress to the control/process network. \n \nWorkaround/Fix\n-----------------------\nVendor fix will be available by Feb 15th. 
\nA possible workaround is to remove the write permission of the IIS user from\nthe Proficy directory. \n \nAdditional Information\n-------------------------------\nFor additional information please contact us at info@c4-security.com. Note\nthat we will respond only to verified utility personnel and governmental\nagencies. \nThe CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175\n \nCredit\n--------\nThis vulnerability was discovered and exploited by Eyal Udassin of C4. \n \nRegards,\n \nEyal Udassin - C4 (Formerly Swift Coders)\n33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel\neyal.udassin@c4-security.com / www.c4-security.com\n\u003chttp://www.c4-security.com/\u003e \n+972-547-684989\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal \"Add WebSource\" File Upload\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA28678\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28678/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nProficy Real-Time Information Portal 2.x\nhttp://secunia.com/product/17343/\n\nDESCRIPTION:\nEyal Udassin has reported a vulnerability in Proficy Real-Time\nInformation Portal, which can be exploited by malicious users to\ncompromise a vulnerable system. \n\nThe vulnerability is caused due to an error in the \"Add WebSource\"\nfeature when handling file uploads. This can be exploited to e.g. \n\nThe vulnerability is reported in version 2.6. Other versions may also\nbe affected. 
\n\nSOLUTION:\nThe vendor will reportedly release a SIM (Software Improvement\nModule) by February 15, 2008. \n\nPROVIDED AND/OR DISCOVERED BY:\nEyal Udassin, C4 Security\n\nORIGINAL ADVISORY:\nGE Fanuc (KB12460):\nhttp://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12460\n\nC4 Security (via BugTraq):\nhttp://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html\n\nOTHER REFERENCES:\nUS-CERT VU#339345:\nhttp://www.kb.cert.org/vuls/id/339345\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0175"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0175",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#339345",
"trust": 3.0
},
{
"db": "BID",
"id": "27446",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "28678",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019274",
"trust": 2.4
},
{
"db": "VUPEN",
"id": "ADV-2008-0307",
"trust": 1.6
},
{
"db": "SREASON",
"id": "3591",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2008-0433",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "0811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20080125 C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 ARBITRARY FILE UPLOAD AND EXECUTION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080129 RE: C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 ARBITRARY FILE UPLOAD AND EXECUTION",
"trust": 0.6
},
{
"db": "IVD",
"id": "06837A6C-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "63005",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63060",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"id": "VAR-200801-0248",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
],
"trust": 1.1820513
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
]
},
"last_update_date": "2025-04-10T23:00:36.707000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Securing Your HMI/SCADA Systems",
"trust": 0.8,
"url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
},
{
"title": "KB12460",
"trust": 0.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12460"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12460"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/28678"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/27446"
},
{
"trust": 2.4,
"url": "http://www.securitytracker.com/id?1019274"
},
{
"trust": 2.2,
"url": "http://www.kb.cert.org/vuls/id/339345"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3591"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487079/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/487242/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0307/references"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/487079/30/0/threaded"
},
{
"trust": 0.8,
"url": "http://packetstormsecurity.org/0811-exploits/hooked_on_fanucs.rb.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0175"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23339345/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0175"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487079/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/487242/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0307/references"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/current/index.html#ge_fanuc_product_vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html"
},
{
"trust": 0.3,
"url": "/archive/1/487079"
},
{
"trust": 0.3,
"url": "/archive/1/487242"
},
{
"trust": 0.1,
"url": "http://www.c4-security.com/\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0175"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17343/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28678/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-01/0373.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CERT/CC",
"id": "VU#339345"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"db": "BID",
"id": "27446"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"db": "PACKETSTORM",
"id": "63005"
},
{
"db": "PACKETSTORM",
"id": "63060"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-24T00:00:00",
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"date": "2008-01-25T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"date": "2008-01-24T00:00:00",
"db": "BID",
"id": "27446"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"date": "2008-01-26T00:12:46",
"db": "PACKETSTORM",
"id": "63005"
},
{
"date": "2008-01-29T00:00:58",
"db": "PACKETSTORM",
"id": "63060"
},
{
"date": "2008-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"date": "2008-01-29T02:00:00",
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#339345"
},
{
"date": "2008-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-0433"
},
{
"date": "2008-11-04T17:55:00",
"db": "BID",
"id": "27446"
},
{
"date": "2008-02-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001055"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-409"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2008-0175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE-Fanuc Proficy Real-Time Information Portal Remote script upload and execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2008-0433"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design error",
"sources": [
{
"db": "IVD",
"id": "06837a6c-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-409"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.