Vulnerability Name: CVE-2012-2516 (CCN-76624) Assigned: 2012-06-27 Published: 2012-06-27 Updated: 2012-07-17 Summary: An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-78 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2012-2516 Source: CCN Type: Packetstorm Security WebsiteKeyHelp ActiveX LaunchTriPane Remote Code Execution Source: CCN Type: SA49728GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities Source: CCN Type: GEIP12-04vulnerability in Proficy Historian, Proficy HMI/SCADA iFIX, Proficy Pulse, Proficy Batch Execution, and the SI7 I/O Driver Source: CONFIRM Type: Vendor Advisoryhttp://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf Source: CCN Type: OSVDB ID: 83311General Electric (GE) Intelligent Platforms Multiple Product KeyHelp.ocx ActiveX Remote Command Execution Source: CCN Type: BID-54215Multiple GE Proficy Products Stack Buffer Overflow and Command Injection Vulnerabilities Source: CCN Type: BID-55265GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability Source: CCN Type: ICSA-12-131-02GE INTELLIGENT PLATFORMS PROFICY HTML HELP VULNERABILITIES Source: MISC Type: US Government Resourcehttp://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf Source: XF Type: UNKNOWNproficy-activex-control-command-exec(76624) Source: EXPLOIT-DB Type: EXPLOITOffensive Security Exploit Database [10-11-2012] Source: CCN Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability Source: CCN Type: ZDI-12-169GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:ge:intelligent_platforms_proficy_batch_execution:5.6:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:3.1:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:3.5:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:4.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:4.5:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.1:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_pulse:1.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_si7_i/o_driver:7.20:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_si7_i/o_driver:7.42:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
ge intelligent platforms proficy batch execution 5.6
ge intelligent platforms proficy historian 3.1
ge intelligent platforms proficy historian 3.5
ge intelligent platforms proficy historian 4.0
ge intelligent platforms proficy historian 4.5
ge intelligent platforms proficy hmi/scada ifix 5.0
ge intelligent platforms proficy hmi/scada ifix 5.1
ge intelligent platforms proficy pulse 1.0
ge intelligent platforms si7 i/o driver 7.20
ge intelligent platforms si7 i/o driver 7.42