Vulnerability Name: CVE-2012-2516 (CCN-76624) Assigned: 2012-06-27 Published: 2012-06-27 Updated: 2012-07-17 Summary: An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.7 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-78 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2012-2516 KeyHelp ActiveX LaunchTriPane Remote Code Execution GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities vulnerability in Proficy Historian, Proficy HMI/SCADA iFIX, Proficy Pulse, Proficy Batch Execution, and the SI7 I/O Driver http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf General Electric (GE) Intelligent Platforms Multiple Product KeyHelp.ocx ActiveX Remote Command Execution Multiple GE Proficy Products Stack Buffer Overflow and Command Injection Vulnerabilities GE Proficy Historian 'KeyHelp.ocx' ActiveX Control Remote Code Execution Vulnerability GE INTELLIGENT PLATFORMS PROFICY HTML HELP VULNERABILITIES http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf proficy-activex-control-command-exec(76624) Offensive Security Exploit Database [10-11-2012] KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability GE Proficy Historian KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:ge:intelligent_platforms_proficy_batch_execution:5.6:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:3.1:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:3.5:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:4.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_historian:4.5:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_hmi/scada_ifix:5.1:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_proficy_pulse:1.0:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_si7_i/o_driver:7.20:*:*:*:*:*:*:* OR cpe:/a:ge:intelligent_platforms_si7_i/o_driver:7.42:*:*:*:*:*:*:* BACK
ge intelligent platforms proficy batch execution 5.6
ge intelligent platforms proficy historian 3.1
ge intelligent platforms proficy historian 3.5
ge intelligent platforms proficy historian 4.0
ge intelligent platforms proficy historian 4.5
ge intelligent platforms proficy hmi/scada ifix 5.0
ge intelligent platforms proficy hmi/scada ifix 5.1
ge intelligent platforms proficy pulse 1.0
ge intelligent platforms si7 i/o driver 7.20
ge intelligent platforms si7 i/o driver 7.42
Denotes that component is vulnerable