GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

Bugtraq ID:	52434
Class:	Boundary Condition Error
CVE:	CVE-2012-0230 CVE-2012-0231
Remote:	Yes
Local:	No
Published:	Mar 13 2012 12:00AM
Updated:	Mar 13 2012 12:00AM
Credit:	Luigi Auriemma through ZDI
Vulnerable:	General Electric Proficy Plant 4.4.1 General Electric Proficy Plant 4.3.1 General Electric Proficy Plant 5.0
Not Vulnerable:

GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

GE Proficy Plant applications suite is prone to multiple remote memory-corruption vulnerabilities.

Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Proficy Plant applications suite 5.0 and prior versions are vulnerable.

GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

Solution:
The vendor released updates. Please see the references for more information.

GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

References:

• ICSA-12-032-02�??MULTIPLE MEMORY CORRUPTION VULNERABILITIES IN PROFICY PLANT APPLI (US-CERT)
  
• Proficy Plant Applications Homepage (US-CERT)