CVE-2009-0216 - Credentials Management vulnerability in GE Fanuc iFIX
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 10 |
Common Weakness Enumeration (CWE)
References
- http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search
- http://www.kb.cert.org/vuls/id/310355
- http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/
- http://www.securityfocus.com/bid/33739
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48691