Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2012-2516
Last Modified 17 Jul 2012 12:00:00
Published 04 Jul 2012 11:23:18
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2516

Summary

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."

Vulnerable Systems

Application

  • Intelligent Platforms Proficy Batch Execution 5.6

  • Intelligent Platforms Proficy Historian 3.1

  • Intelligent Platforms Proficy Historian 3.5

  • Intelligent Platforms Proficy Historian 4.0

  • Intelligent Platforms Proficy Historian 4.5

  • Intelligent Platforms Proficy HMI/SCADA iFIX 5.0

  • Intelligent Platforms Proficy HMI/SCADA iFIX 5.1

  • Intelligent Platforms Proficy Pulse 1.0

  • Intelligent Platforms SI7 I/O Driver 7.20

  • Intelligent Platforms SI7 I/O Driver 7.42


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

CONFIRM - http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf


Last Updated: 27 May 2016 10:53:33