GE Proficy Historian Data Archiver Service Remote Memory Corruption Vulnerability

Bugtraq ID:	52437
Class:	Boundary Condition Error
CVE:	CVE-2012-0229
Remote:	Yes
Local:	No
Published:	Mar 13 2012 12:00AM
Updated:	Mar 19 2015 09:48AM
Credit:	GE and Zero Day Initiative.
Vulnerable:	General Electric Proficy HMI/SCADA-iFIX 5.5 General Electric Proficy HMI/SCADA-iFIX 5.1 General Electric Proficy HMI/SCADA-iFIX 5.0 General Electric Proficy HMI/SCADA-CIMPLICITY 8.2 General Electric Proficy HMI/SCADA-CIMPLICITY 8.1 General Electric Proficy Historian 4.5 General Electric Proficy Historian 4.0 General Electric Proficy Historian 3.5 General Electric Proficy Historian 3.1 General Electric Proficy Historian 0
Not Vulnerable:

GE Proficy Historian Data Archiver Service Remote Memory Corruption Vulnerability

GE Proficy Historian is prone to a remote memory-corruption vulnerability that affects the Data Archiver service.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

GE Proficy Historian Data Archiver Service Remote Memory Corruption Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

GE Proficy Historian Data Archiver Service Remote Memory Corruption Vulnerability

Solution:
Updates are available. Please see the references for more information.