VAR-201612-0529
Vulnerability from variot - Updated: 2022-05-17 01:36

GE Proficy HMI / SCADA-iFIX configuration software is used for process visualization, data acquisition, analysis, and operation monitoring. The software uses the SCADA engine, has multiple connection options, and uses an open, highly scalable distributed network model.
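A remote denial-of-service vulnerability exists in the GE configuration software iFIX V5.8. Because the iFIX configuration system fails to properly handle the input data it receives from the Modbus PLC, a remote attacker can, from a lower computer (presumably a field-level device on the PLC side), cause the configuration system to stop working, resulting in a remote denial of service. Note that the CVSS v2 vector recorded in this entry (AV:N/AC:L/Au:N/C:P/I:N/A:N) rates availability impact as NONE and confidentiality impact as PARTIAL, which does not match the denial-of-service description, so the score should not be used on its own for prioritisation.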
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0529",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ifix configuration system",
"scope": "eq",
"trust": 0.6,
"vendor": "ge intellution",
"version": "5.8"
},
{
"model": "ifix configuration system",
"scope": "eq",
"trust": 0.2,
"vendor": "ge intellution the",
"version": "5.8"
}
],
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11928",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2016-11928",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy HMI / SCADA-iFIX configuration software is used for process visualization, data acquisition, analysis, and operation monitoring. The software uses the SCADA engine, has multiple connection options, and uses an open, highly scalable distributed network model. \n\nA remote denial of service vulnerability exists in the GE configuration software iFIX V5.8. Because the IFix configuration system fails to properly receive the input data of the Modbus PLC, a remote attacker can use this vulnerability to trigger the configuration system to stop working from a lower computer and launch a remote denial of service attack",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11928"
},
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
}
],
"trust": 0.72
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11928",
"trust": 0.8
},
{
"db": "IVD",
"id": "877A5540-D450-4D0F-B3EA-CFAB47A200CE",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"id": "VAR-201612-0529",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"last_update_date": "2022-05-17T01:36:34.269000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Remote Denial of Service Vulnerability in GE Configuration Software iFIX 5.8",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-07T00:00:00",
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
},
{
"date": "2017-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11928"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote Denial of Service Vulnerability in GE Configuration Software iFIX V5.8",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11928"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Denial of service",
"sources": [
{
"db": "IVD",
"id": "877a5540-d450-4d0f-b3ea-cfab47a200ce"
}
],
"trust": 0.2
}
}