CVE ID | CVE-2012-0229 |
CVSS SCORE | 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C |
AFFECTED VENDORS |
GE |
AFFECTED PRODUCTS |
Proficy Historian ihDataArchiver |
VULNERABILITY DETAILS |
The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. By providing malformed data for opcodes 6, 7, 8, 10, and 12 the process can be made to corrupt memory which can lead to arbitrary code execution in the context of the user running the service. |
ADDITIONAL DETAILS |
GE has issued an update to correct this vulnerability. More details can be found at:
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14767 |
DISCLOSURE TIMELINE |
|
CREDIT | Luigi Auriemma |