CVE-2012-3026: Input Validation
First published: Thu Nov 01 2012(Updated: )
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE Intelligent Platforms Proficy Real-Time Information Portal | =2.6 | |
| GE Intelligent Platforms Proficy Real-Time Information Portal | =3.0 | |
| GE Intelligent Platforms Proficy Real-Time Information Portal | =3.0-sp1 | |
| GE Intelligent Platforms Proficy Real-Time Information Portal | =3.5 | |
| GE Intelligent Platforms Proficy Real-Time Information Portal | =3.5-sp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050
- http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf
- http://www.securityfocus.com/bid/55935
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf
- agent/author
- agent/description
- agent/event
- agent/references
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/ge
- canonical/ge intelligent platforms proficy real-time information portal
- version/ge intelligent platforms proficy real-time information portal/2.6
- version/ge intelligent platforms proficy real-time information portal/3.0
- version/ge intelligent platforms proficy real-time information portal/3.0-sp1
- version/ge intelligent platforms proficy real-time information portal/3.5
- version/ge intelligent platforms proficy real-time information portal/3.5-sp1