VAR-201312-0496

Vulnerability from variot - Updated: 2022-05-17 01:41

GE Intelligent Platforms Proficy HMI/SCADA–iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. Multiple GE Proficy products have remote buffer overflow vulnerabilities in the implementation of their Ethernet interfaces. When processing Station Manager commands, user input is not properly validated. This allows an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Note that the affected-product entries in the record below list RX7i and PACSystems RX3i CPU and Ethernet models, the Ethernet NIU and CPU372/CPU374 PLUS, so asset matching should use those entries and not the product name in this summary.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0496",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "electric rx7i cpu",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "general",
        "version": "6.75"
      },
      {
        "model": "electric rx7i cpu",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "general",
        "version": "6.12"
      },
      {
        "model": "electric rx7i hot standby cpu",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "general",
        "version": "6.75"
      },
      {
        "model": "electric rx7i hot standby cpu",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "general",
        "version": "6.12"
      },
      {
        "model": "pacsystems rx3i ethernet interface",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "6.12"
      },
      {
        "model": "electric rx7i ethernet module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "6.12"
      },
      {
        "model": "electric pacsystems rx3i ethernet interface",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "6.12"
      },
      {
        "model": "electric ethernet niu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-306.12"
      },
      {
        "model": "electric ethernet niu",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-3012.71"
      },
      {
        "model": "electric cpu374 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-306.12"
      },
      {
        "model": "electric cpu374 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-3012.71"
      },
      {
        "model": "electric cpu372 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-306.12"
      },
      {
        "model": "electric cpu372 plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "general",
        "version": "90-3012.71"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Anonymous",
    "sources": [
      {
        "db": "BID",
        "id": "63945"
      }
    ],
    "trust": 0.3
  },
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-14824",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "CNVD",
            "id": "CNVD-2013-14824",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GE Intelligent Platforms Proficy HMI/SCADA\u2013iFIX is the world\u0027s leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. Multiple GE Proficy products have remote buffer overflow vulnerabilities in the implementation of their Ethernet interfaces. When processing Station Manager commands, user input is not properly validated. This allows an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "db": "BID",
        "id": "63945"
      },
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 0.99
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "63945",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "100327",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "9A8E8672-1EFA-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "id": "VAR-201312-0496",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      }
    ],
    "trust": 1.1666666700000001
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      }
    ]
  },
  "last_update_date": "2022-05-17T01:41:25.015000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Multiple GE Proficy Products Ethernet Interface Remote Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/41400"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 0.6,
        "url": "http://osvdb.org/100327"
      },
      {
        "trust": 0.3,
        "url": "http://www.ge.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14872/en_us/geip12-08%20security%20advisory%20-%20buffer%20overflows%20on%20ethernet.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-03T00:00:00",
        "db": "IVD",
        "id": "9a8e8672-1efa-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "date": "2012-04-24T00:00:00",
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-12-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      },
      {
        "date": "2012-04-24T00:00:00",
        "db": "BID",
        "id": "63945"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "63945"
      }
    ],
    "trust": 0.3
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple GE Proficy Products Ethernet Interface Remote Buffer Overflow Vulnerabilities",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-14824"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "63945"
      }
    ],
    "trust": 0.3
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

