CVE-2008-0175 - Remote Script Code Execution vulnerability in GE Fanuc Proficy Portal
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | GE Fanuc Real Time Information Portal 2.6 writeFile() API Exploit (meta). CVE-2008-0175. Remote exploit for windows platform |
id | EDB-ID:6921 |
last seen | 2016-02-01 |
modified | 2008-11-01 |
published | 2008-11-01 |
reporter | Kevin Finisterre |
source | https://www.exploit-db.com/download/6921/ |
title | GE Fanuc Real Time Information Portal 2.6 writeFile API Exploit meta |
Seebug
bulletinFamily | exploit |
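description | BUGTRAQ ID: 27446 CVE(CAN) ID: CVE-2008-0175 Proficy Real-Time Information Portal is a web-based solution that integrates online and process-based systems with plant-level connectivity, analysis, and human-machine interface devices. Proficy Real-Time Information Portal has a vulnerability in the way it handles user requests, which a remote attacker may exploit to take control of the server. Proficy Real-Time Information Portal does not correctly perform the Java RMI call for Add WebSource, allowing the user to set the name and path of the location where the file is placed, while another parameter, the file itself, is base64-encoded content. An authenticated attacker can use the Add WebSource option to upload arbitrary files, including ASP files, to the server's main virtual directory and then request the file in a web browser, which allows a full compromise of the server. GE Fanuc Proficy Real-Time Information Portal 2.6 Workaround: If you cannot install a patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat: * Remove write permission for the IIS user from the Proficy directory. Vendor patch: GE Fanuc: The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html |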
id | SSV:2872 |
last seen | 2017-11-19 |
modified | 2008-01-30 |
published | 2008-01-30 |
reporter | Root |
title | GE-Fanuc Proficy Real-Time Information Portal Remote Script Upload and Execution Vulnerability |
References
- http://secunia.com/advisories/28678
- http://securityreason.com/securityalert/3591
- http://support.gefanuc.com/support/index?page=kbchannel&id=KB12460
- http://www.kb.cert.org/vuls/id/339345
- http://www.securityfocus.com/archive/1/487079/100/0/threaded
- http://www.securityfocus.com/archive/1/487242/100/0/threaded
- http://www.securityfocus.com/bid/27446
- http://www.securitytracker.com/id?1019274
- http://www.vupen.com/english/advisories/2008/0307/references