Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-11-01 | CVE-2012-3010 | Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. | 10.0 |
| 2012-07-05 | CVE-2012-2516 | OS Command Injection vulnerability in GE products An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | 9.3 |
| 2012-07-05 | CVE-2012-2515 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. | 9.3 |
| 2012-03-15 | CVE-2012-0232 | Path Traversal vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. | 6.4 |
| 2012-03-15 | CVE-2012-0231 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Plant Applications PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. | 10.0 |
| 2012-03-15 | CVE-2012-0230 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Plant Applications PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299. | 10.0 |
| 2012-03-15 | CVE-2012-0229 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. | 10.0 |
| 2011-11-02 | CVE-2011-3320 | Cross-Site Scripting vulnerability in GE Intelligent Platforms Proficy Historian Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
| 2011-11-02 | CVE-2011-1919 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. | 10.0 |
| 2011-11-02 | CVE-2011-1918 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GE Intelligent Platforms Proficy Historian Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic. | 10.0 |