OSVDB ID: 86258

Title: General Electric (GE) Intelligent Platforms Proficy Real-Time Information Portal Unspecified Overflow (2012-3010)

Info

Disclosure

Oct 15, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Oct 15, 2012

Description

General Electric (GE) Intelligent Platforms Proficy Real-Time Information Portal is prone to an overflow condition. The Remote Interface Service (rifsrvd.exe) fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a remote attacker to potentially cause a denial of service or execute arbitrary code. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: SCADA

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

General Electric Company

Proficy Real-Time Information Portal

2.6
3.0
3.0 SP1
3.5
3.5 SP1

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86258