PT-2012-4075 · Ge Intelligent Platforms · Si7 I/O Driver+4
Publicado
2012-07-05
·
Atualizado
2012-08-29
·
CVE-2012-2516
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GE Intelligent Platforms Proficy Historian versions 3.1 through 4.5
Proficy HMI/SCADA iFIX versions 5.0 through 5.1
Proficy Pulse version 1.0
Proficy Batch Execution version 5.6
SI7 I/O Driver versions 7.20 through 7.42
Description
The issue allows remote attackers to execute arbitrary commands via crafted input, related to a command injection vulnerability.
Recommendations
For GE Intelligent Platforms Proficy Historian versions 3.1 through 4.5, update to a version that includes a fix for the command injection vulnerability.
For Proficy HMI/SCADA iFIX versions 5.0 through 5.1, update to a version that includes a fix for the command injection vulnerability.
For Proficy Pulse version 1.0, update to a version that includes a fix for the command injection vulnerability.
For Proficy Batch Execution version 5.6, update to a version that includes a fix for the command injection vulnerability.
For SI7 I/O Driver versions 7.20 through 7.42, update to a version that includes a fix for the command injection vulnerability.
Exploit
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ge Intelligent Platforms Proficy Historian
Proficy Batch Execution
Proficy Hmi/Scada Ifix
Proficy Pulse
Si7 I/O Driver