Vulnerabilities > GE > Intelligent Platforms Proficy Historian

DATE CVE VULNERABILITY TITLE RISK
2012-07-05 CVE-2012-2516 OS Command Injection vulnerability in GE products
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
network
ge CWE-78
critical
9.3
2012-07-05 CVE-2012-2515 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method.
network
emc ge CWE-119
critical
9.3
2012-03-15 CVE-2012-0229 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.
network
low complexity
ge CWE-119
critical
10.0
2011-11-02 CVE-2011-3320 Cross-Site Scripting vulnerability in GE Intelligent Platforms Proficy Historian
Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
ge CWE-79
4.3
2011-11-02 CVE-2011-1919 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
network
low complexity
ge CWE-119
critical
10.0
2011-11-02 CVE-2011-1918 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic.
network
low complexity
ge CWE-119
critical
10.0