PT-2012-4075 · Ge Intelligent Platforms · Si7 I/O Driver+4
Published
2012-07-05
·
Updated
2012-08-29
·
CVE-2012-2516
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
GE Intelligent Platforms Proficy Historian versions 3.1 through 4.5
Proficy HMI/SCADA iFIX versions 5.0 through 5.1
Proficy Pulse version 1.0
Proficy Batch Execution version 5.6
SI7 I/O Driver versions 7.20 through 7.42
Description
The issue allows remote attackers to execute arbitrary commands via crafted input, related to a command injection vulnerability.
Recommendations
For GE Intelligent Platforms Proficy Historian versions 3.1 through 4.5, update to a version that includes a fix for the command injection vulnerability.
For Proficy HMI/SCADA iFIX versions 5.0 through 5.1, update to a version that includes a fix for the command injection vulnerability.
For Proficy Pulse version 1.0, update to a version that includes a fix for the command injection vulnerability.
For Proficy Batch Execution version 5.6, update to a version that includes a fix for the command injection vulnerability.
For SI7 I/O Driver versions 7.20 through 7.42, update to a version that includes a fix for the command injection vulnerability.
Exploit
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ge Intelligent Platforms Proficy Historian
Proficy Batch Execution
Proficy Hmi/Scada Ifix
Proficy Pulse
Si7 I/O Driver