Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0216

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-0216
Last Modified 13 Feb 2009 02:41:25
Published 13 Feb 2009 12:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0216

Summary

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.

Vulnerable Systems

Application

  • Ge Fanuc Ifix 2.0

  • Ge Fanuc Ifix 2.2

  • Ge Fanuc Ifix 2.21

  • Ge Fanuc Ifix 2.5

  • Ge Fanuc Ifix 2.6

  • Ge Fanuc Ifix 3.0

  • Ge Fanuc Ifix 3.5

  • Ge Fanuc Ifix 4.0

  • Ge Fanuc Ifix 4.5

  • Ge Fanuc Ifix 5.0


References

CERT-VN - VU#310355

XF - gefanucifix-multiple-unauth-access(48691)

BID - 33739

MISC - http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/

CONFIRM - http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search


Last Updated: 27 May 2016 10:50:10