CVE-2008-0175 - Unspecified vulnerability in GE Fanuc Proficy Real-Time Information Portal
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
ge-fanuc
exploit available
Summary
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta). CVE-2008-0175. Remote exploit for Windows platform |
id | EDB-ID:6921 |
last seen | 2016-02-01 |
modified | 2008-11-01 |
published | 2008-11-01 |
reporter | Kevin Finisterre |
source | https://www.exploit-db.com/download/6921/ |
title | GE Fanuc Real Time Information Portal 2.6 writeFile API Exploit meta |
Seebug
bulletinFamily | exploit |
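description | BUGTRAQ ID: 27446 CVE(CAN) ID: CVE-2008-0175 Proficy Real-Time Information Portal is a web-based solution that integrates online and process-based systems with plant-level connectivity, analysis and human-machine interface components. Proficy Real-Time Information Portal has a vulnerability in the way it handles user requests, which a remote attacker may exploit to take control of the server. Proficy Real-Time Information Portal does not correctly perform the Java RMI call for Add WebSource, allowing the user to set the name and path of the location where the file is placed, while another parameter, the file itself, is base64-encoded content. An authenticated attacker can use the Add WebSource option to upload arbitrary files, including ASP files, to the server's main virtual directory and, by requesting the file in a web browser, fully compromise the server. GE Fanuc Proficy Real-Time Information Portal 2.6 Temporary workaround: If you cannot install a patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat: * Remove write permission for the IIS user from the Proficy directory. Vendor patch: GE Fanuc -------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html |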
id | SSV:2872 |
last seen | 2017-11-19 |
modified | 2008-01-30 |
published | 2008-01-30 |
reporter | Root |
title | GE-Fanuc Proficy Real-Time Information Portal remote script upload and execution vulnerability |
References
- http://secunia.com/advisories/28678
- http://securityreason.com/securityalert/3591
- http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
- http://www.kb.cert.org/vuls/id/339345
- http://www.securityfocus.com/archive/1/487079/100/0/threaded
- http://www.securityfocus.com/archive/1/487242/100/0/threaded
- http://www.securityfocus.com/bid/27446
- http://www.securitytracker.com/id?1019274
- http://www.vupen.com/english/advisories/2008/0307/references