ICS-CERT: GE Intelligent Platforms Proficy HTML Vulnerability

Thursday, June 28, 2012

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

Independent researcher Andrea Micalizzi has identified a command injection vulnerability in a third-party HTML help application used by some GE Intelligent Platforms Proficy products.

While analyzing this report, GE identified a stack-based buffer overflow vulnerability that also existed in the same component. These vulnerabilities were coordinated through the Zero Day Initiative (ZDI). A remote attacker could exploit these vulnerabilities.

GE Intelligent Platforms has provided a tool to remove the unnecessary ActiveX component that introduced these vulnerabilities.

AFFECTED PRODUCTS

The following GE Intelligent Platforms products are affected:

• Proficy Historian: Versions 4.5, 4.0, 3.5, and 3.1
• Proficy HMI/SCADA – iFIX: Versions 5.1 and 5.0
• Proficy Pulse: Version 1.0
• Proficy Batch Execution: Version 5.6
• SI7 I/O Driver: Versions between 7.20 and 7.42

IMPACT

By luring a user into visiting a malicious website, an attacker could exploit these vulnerabilities to execute arbitrary code on the client or place or replace files on the client.

Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.

According to GE, Proficy is automation and operations management software that is deployed across multiple industries worldwide.

VULNERABILITY OVERVIEW

STACK-BASED BUFFER OVERFLOW:  A remote stack-based buffer overflow condition exists in the KeyHelp.ocx control because it fails to perform adequate boundary checks on user-supplied input. CVE-2012-2515 has been assigned to this vulnerability. According to the researcher, a CVSS V2 Base score of 7.5 has been assigned.

IMPROPER NEUTRALIZTION OF SPECIAL ELEMENTS:  A remote command injection vulnerability exists in the KeyHelp.ocx control because it fails to restrict or perform adequate validation on user-supplied input. CVE-2012-2516 has been assigned to this vulnerability.

EXPLOITABILITY:  These vulnerabilities are remotely exploitable.

EXISTENCE OF EXPLOIT:  No known public exploits specifically target these vulnerabilities.

DIFFICULTY: An attacker with a medium skill would be able to exploit these vulnerabilities with the use of social engineering.

GE Intelligent Platforms recommends that the KeyHelp.ocx ActiveX control be unregistered and deleted to eliminate these vulnerabilities. GE Intelligent Platforms has recommended specific control removal instructions for each of the affected products to ensure that it continues to function properly once the control is removed. Please see their instructions at the following location:

A username and password may be required.

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf

Possibly Related Articles:
10451
SCADA
Industrial Control Systems
SCADA Exploits Network Security Infrastructure Buffer Overflow Active X ICS-CERT Industrial Control Systems GE Intelligent Platforms
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.