VAR-201312-0503
Vulnerability from variot - Updated: 2022-05-17 02:05GE Intelligent Platforms Proficy HMI/SCADA\342\200\223iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy Machine Edition has an overflow vulnerability in the implementation of Trapi File Server (Trapiserver.exe), which is triggered by specially crafted HTTP messages. Causes a buffer overflow that causes a denial of service. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. GE Proficy Machine Edition 7.00 SIM 7 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proficy machine edition sim",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "7.007"
},
{
"model": "electric proficy machine edition sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "7.007"
},
{
"model": "electric proficy machine edition sim",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "7.008"
}
],
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "63943"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-14827",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "a209c786-1efa-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14827",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Intelligent Platforms Proficy HMI/SCADA\\342\\200\\223iFIX is the world\u0027s leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy Machine Edition has an overflow vulnerability in the implementation of Trapi File Server (Trapiserver.exe), which is triggered by specially crafted HTTP messages. Causes a buffer overflow that causes a denial of service. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \nGE Proficy Machine Edition 7.00 SIM 7 is vulnerable",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
},
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "63943",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-14827",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "100316",
"trust": 0.6
},
{
"db": "IVD",
"id": "A209C786-1EFA-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
}
]
},
"id": "VAR-201312-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
}
],
"trust": 1.6333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
}
]
},
"last_update_date": "2022-05-17T02:05:55.782000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE Proficy Machine Edition \u0027Trapiserver.exe\u0027 patch for remote buffer overflow vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41397"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14827"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://osvdb.org/100316"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/products/proficy-view-machine-edition/p2823"
},
{
"trust": 0.3,
"url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14870/en_us/geip12-06%20security%20advisory%20-%20buffer%20overflow%20in%20proficy%20view.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-03T00:00:00",
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"date": "2013-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"date": "2012-04-24T00:00:00",
"db": "BID",
"id": "63943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"date": "2012-04-24T00:00:00",
"db": "BID",
"id": "63943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "63943"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy Machine Edition \u0027Trapiserver.exe\u0027 Remote Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "a209c786-1efa-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-14827"
},
{
"db": "BID",
"id": "63943"
}
],
"trust": 1.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "63943"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…