Posts Tagged ‘GE Intelligent Platforms Proficy Historian Data Archiver’

Wednesday, March 14, 2012 @ 12:03 PM gHale

GE created a series of patches to mitigate vulnerabilities in their GE Intelligent Systems platform, according to reports on ICS-CERT.

In one of the holes, GE patched a vulnerability concerning a directory traversal in the Proficy Real-Time Information Portal. The vulnerability came via independent security researcher Luigi Auriemma through the Zero Day Initiative (ZDI).

RELATED STORIES
Multiple Holes with xArrow
ABB Patches Robot Software
Advantech’s New Version of WebAccess
DLL Hijacking Hole with 7T

If exploited, the vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. GE said these Proficy Real-Time Information Portal versions suffer from the vulnerability:
• 3.5
• 3.0 SP1
• 3.0
• 2.6.

Proficy Real-Time Information Portal Versions 2.5 and prior do not suffer from this vulnerability.

Proficy Real-Time Information Portal is a web-based data visualization and reporting tool deployed across multiple industries worldwide, GE said.

A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) that runs on Port 5159/TCP by default. The Remote Interface Service creates a file on the system and does not sufficiently validate two input strings used to create a configuration file on the server.

The vulnerability may allow a remote attacker to set the file’s name and extension (to create a new file or to overwrite an existing file), and supply text that can insert into the file.

GE said the vulnerability does not allow the attacker to directly execute the file and does not allow the attacker to define the file’s entire contents. CVE-2012-0232 is the number assigned to this vulnerability.

GE Intelligent Platforms released a security advisory and free product update Software Improvement Modules (SIMs) to address this vulnerability in Proficy Real-Time Information Portal Versions 3.5 and 3.0 SP1. Proficy Real-Time Information Portal customers using Versions 3.0 and 2.6 should upgrade to one of the versions described above and apply the appropriate product update. GE Intelligent Platforms urges all users to follow the recommendations in their security advisory. All users must have a valid GE user ID and customer service number to access the advisories and updates. Proficy SIMs are cumulative. All future SIMs will include these updates.

In another vulnerability reported to ICS-CERT by Auriemma through ZDI, GE created patches for multiple memory corruption vulnerabilities in Proficy Plant Applications.

Proficy Plant Applications versions 5.0 and prior suffer from the holes. Exploiting these vulnerabilities could cause multiple Proficy services to crash and potentially allow an attacker to take control of a system running the affected software.

Proficy Plant Applications suite is an Operations Management software product deployed across multiple industries worldwide, GE said. Proficy Plant Applications services process incoming TCP/IP traffic in a way that creates these memory corruption vulnerabilities. These vulnerabilities are remotely exploitable.

PRRDS.EXE MEMORY CORRUPTION
Proficy Remote Data Service (PRRDS.exe) listens on Port 12299/TCP by default. CVE-2012-0230 is the number assigned to this vulnerability.

PRLICENSEMGR.EXE MEMORY CORRUPTION
Proficy Server License Manager (PRLicenseMgr.exe) listens on Port 12401/TCP by default. CVE-2012-0231 is the number assigned to this vulnerability.

GE Intelligent Platforms recommends users apply product updates to supported Proficy Plant Applications Versions 5.0 and 4.4.1. Proficy Plant Applications customers using unsupported Versions 4.3.1, 4.2.3, 4.2.2, and 215.8 should contact GE Intelligent Platforms Support for assistance with obtaining and applying a patch. GE Intelligent Platforms urges all customers to follow the recommendations in their security advisory. All users need a valid GE user ID and customer service number to access the advisories and updates. Proficy SIMs are cumulative. All future SIMs will include these updates.

In one more vulnerability reported by Auriemma through ZDI, GE patched a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver. If exploited, this vulnerability could allow an attacker to cause the Historian Data Archiver service to crash, which may lead to arbitrary code execution.

This vulnerability affects the following GE Intelligent Platforms products:
• Proficy Historian: Versions 4.5 and prior
• Proficy HMI/SCADA – CIMPLICITY: Version 8.2 (with Proficy Historian 4.5 or prior installed)
• Proficy HMI/SCADA – iFIX: Versions 5.5, 5.0, and 5.1 (with Proficy Historian 4.5 or prior installed).

Proficy Historian is a data historian that collects, archives, and distributes production information. Proficy Historian product covers multiple industries worldwide.

A memory corruption vulnerability exists because of the way the Historian Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) processes incoming traffic on Port 14000/TCP. A specially crafted packet may cause the Historian Data Archiver service to crash and may allow arbitrary code execution. CVE-2012-0229 is the number assigned to this vulnerability. This vulnerability is remotely exploitable.

GE Intelligent Platforms released a security advisory and free product update Software Improvement Modules (SIMs) to address this vulnerability in Proficy software. GE Intelligent Platforms urges all users to follow the recommendations in their security advisory. All users need a valid GE user ID and customer service number to access the advisory and update.

GE Intelligent Platforms recommends users apply product updates to Proficy Historian Versions 3.1, 3.5, 4.0, and 4.5. Proficy Historian customers using versions older than 3.1 are should upgrade to 3.1 or greater and then apply the appropriate product update.

GE Intelligent Platforms also recommends that Proficy HMI/SCADA – iFIX and Proficy HMI/SCADA – CIMPLICITY customers who installed Proficy Historian apply these product updates as well. Alternatively, Proficy HMI/SCADA customers may uninstall the Proficy Historian software if it is not in use.

GE provided the following installation instructions for iFIX and CIMPLICITY SIMs.

Option 1: Apply a product update to the Proficy Historian software. Refer to the information above for “Historian Installations” and apply the appropriate product update to Proficy Historian.

Option 2: Uninstall Proficy Historian if not in use.
1. Double-click the Add/Remove Programs icon in the Control Panel. The Add/Remove Programs dialog box opens.
2. Select Proficy Historian, and click the Remove button.
a. To uninstall Historian and save the current Historian configuration and data, select Do Not Delete Archives and click Next.
b. To uninstall Historian and delete the current Historian configuration and data, select Delete Archives, and click Next.
3. The uninstall proceeds and all Historian components end up removed.

 
 
Archived Entries