Advisory Details

August 3rd, 2012

GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities

ZDI-12-133
ZDI-CAN-1377

CVE ID CVE-2012-0229
CVSS SCORE 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS GE
AFFECTED PRODUCTS Proficy Historian ihDataArchiver
VULNERABILITY DETAILS


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. By providing malformed data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt memory which can lead to arbitrary code execution in the context of the user running the service.

ADDITIONAL DETAILS GE has issued an update to correct this vulnerability. More details can be found at:
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14767
DISCLOSURE TIMELINE
  • 2011-10-17 - Vulnerability reported to vendor
  • 2012-08-03 - Coordinated public release of advisory
CREDIT Luigi Auriemma
BACK TO ADVISORIES