Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3021

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-3021
Last Modified 12 Apr 2013 10:55:02
Published 01 Nov 2012 06:44:45
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3021

Summary

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026.

Vulnerable Systems

Application

  • Intelligent Platforms Proficy Real-time Information Portal 2.6

  • Intelligent Platforms Proficy Real-time Information Portal 3.0

  • Intelligent Platforms Proficy Real-time Information Portal 3.5


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

CONFIRM - http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf

CONFIRM - http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050

BID - 55935


Last Updated: 27 May 2016 11:02:14