Details of VAR-201207-0056

ID

VAR-201207-0056

CVE

CVE-2012-2515

TITLE

GE Proficy Product Stack Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3421

DESCRIPTION

Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy's multiple product KeyHelp.ocx controls fail to properly handle user-committed input, allowing attackers to perform stack-based buffer overflow attacks that can execute arbitrary code in the context of the application. KeyWorks KeyHelp Module is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploits will compromise the application and the computer. Failed attacks will cause denial-of-service conditions. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: KeyWorks KeyHelp ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA36905 VERIFY ADVISORY: http://secunia.com/advisories/36905/ DESCRIPTION: pyrokinesis has discovered a vulnerability in the KeyWorks KeyHelp ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the KeyHelp.KeyCtrl.1 ActiveX control (KeyHelp.ocx). This can be exploited to cause a stack-based buffer overflow via an overly long argument passed to the "JumpMappedID()" or "JumpURL()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in KeyHelp.ocx version 1.2.3120.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Nine:Situations:Group::pyrokinesis ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_emc_keyhelp.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: GE Intelligent Platforms Multiple Products KeyHelp ActiveX Control Two Vulnerabilities SECUNIA ADVISORY ID: SA49728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49728 RELEASE DATE: 2012-06-29 DISCUSS ADVISORY: http://secunia.com/advisories/49728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple GE Intelligent Platforms products, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are reported in the following products: * Proficy Historian versions 4.5, 4.0, 3.5, and 3.1 * Proficy HMI/SCADA \x96 iFIX versions 5.1 and 5.0 * Proficy Pulse version 1.0 * Proficy Batch Execution version 5.6 * SI7 I/O Driver versions 7.20 through 7.42 SOLUTION: Apply patch (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Andrea Micalizzi aka rgod via ZDI

Trust: 3.15

sources: NVD: CVE-2012-2515 // JVNDB: JVNDB-2012-003013 // CNVD: CNVD-2012-3421 // BID: 54215 // BID: 36546 // IVD: b1754968-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 81748 // PACKETSTORM: 81740 // PACKETSTORM: 114351

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3421

AFFECTED PRODUCTS

vendor:	ge	model:	intelligent platforms si7 i\/o driver	scope:	eq	version:	7.42	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy historian	scope:	eq	version:	4.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms si7 i\/o driver	scope:	eq	version:	7.20	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy historian	scope:	eq	version:	3.5	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada ifix	scope:	eq	version:	5.1	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy historian	scope:	eq	version:	3.1	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada ifix	scope:	eq	version:	5.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy pulse	scope:	eq	version:	1.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy historian	scope:	eq	version:	4.5	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy batch execution	scope:	eq	version:	5.6	Trust: 1.6
vendor:	general electric	model:	proficy historian	scope:	eq	version:	4.5	Trust: 1.4
vendor:	general electric	model:	proficy historian	scope:	eq	version:	3.1	Trust: 1.4
vendor:	general electric	model:	proficy historian	scope:	eq	version:	3.5	Trust: 1.4
vendor:	general electric	model:	proficy historian	scope:	eq	version:	4.0	Trust: 1.4
vendor:	emc	model:	documentum applicationxtender desktop	scope:	eq	version:	5.4	Trust: 1.3
vendor:	emc	model:	captiva quickscan pro	scope:	eq	version:	4.6	Trust: 1.0
vendor:	dell emc old emc	model:	captiva quickscan pro	scope:	eq	version:	4.6 sp1	Trust: 0.8
vendor:	dell emc old emc	model:	documentum applicationxtender desktop	scope:	eq	version:	5.4	Trust: 0.8
vendor:	general electric	model:	proficy batch execution	scope:	eq	version:	5.6	Trust: 0.8
vendor:	general electric	model:	proficy hmi/scada - ifix	scope:	eq	version:	5.0	Trust: 0.8
vendor:	general electric	model:	proficy hmi/scada - ifix	scope:	eq	version:	5.1	Trust: 0.8
vendor:	general electric	model:	proficy pulse	scope:	eq	version:	1.0	Trust: 0.8
vendor:	general electric	model:	si7 i/o driver	scope:	eq	version:	7.20 to 7.42	Trust: 0.8
vendor:	general electric	model:	proficy hmi/scada-ifix	scope:	eq	version:	5.0	Trust: 0.6
vendor:	general electric	model:	proficy hmi/scada-ifix	scope:	eq	version:	5.1	Trust: 0.6
vendor:	general	model:	electric proficy hmi/scada-ifix	scope:	eq	version:	5.1	Trust: 0.3
vendor:	general	model:	electric proficy hmi/scada-ifix	scope:	eq	version:	5.0	Trust: 0.3
vendor:	general	model:	electric proficy historian	scope:	eq	version:	4.5	Trust: 0.3
vendor:	general	model:	electric proficy historian	scope:	eq	version:	4.0	Trust: 0.3
vendor:	general	model:	electric proficy historian	scope:	eq	version:	3.5	Trust: 0.3
vendor:	general	model:	electric proficy historian	scope:	eq	version:	3.1	Trust: 0.3
vendor:	keyworks	model:	keyhelp module	scope:	eq	version:	1.2.312	Trust: 0.3
vendor:	emc	model:	captiva quickscan pro sp1	scope:	eq	version:	4.6	Trust: 0.3
vendor:	captiva quickscan pro	model:	-	scope:	eq	version:	4.6	Trust: 0.2
vendor:	documentum applicationxtender desktop	model:	-	scope:	eq	version:	5.4	Trust: 0.2
vendor:	intelligent platforms proficy batch execution	model:	-	scope:	eq	version:	5.6	Trust: 0.2
vendor:	intelligent platforms proficy historian	model:	-	scope:	eq	version:	3.1	Trust: 0.2
vendor:	intelligent platforms proficy historian	model:	-	scope:	eq	version:	3.5	Trust: 0.2
vendor:	intelligent platforms proficy historian	model:	-	scope:	eq	version:	4.0	Trust: 0.2
vendor:	intelligent platforms proficy historian	model:	-	scope:	eq	version:	4.5	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada ifix	model:	-	scope:	eq	version:	5.0	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada ifix	model:	-	scope:	eq	version:	5.1	Trust: 0.2
vendor:	intelligent platforms proficy pulse	model:	-	scope:	eq	version:	1.0	Trust: 0.2
vendor:	intelligent platforms si7 i o driver	model:	-	scope:	eq	version:	7.20	Trust: 0.2
vendor:	intelligent platforms si7 i o driver	model:	-	scope:	eq	version:	7.42	Trust: 0.2

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3421 // BID: 54215 // BID: 36546 // JVNDB: JVNDB-2012-003013 // CNNVD: CNNVD-201206-522 // NVD: CVE-2012-2515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2515
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-2515
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201206-522
value:	CRITICAL
Trust: 0.6
IVD:	b1754968-2353-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2012-2515
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	b1754968-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2012-003013 // CNNVD: CNNVD-201206-522 // NVD: CVE-2012-2515

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-003013 // NVD: CVE-2012-2515

THREAT TYPE

network

Trust: 0.6

sources: BID: 54215 // BID: 36546

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201206-522

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003013

PATCH

title:	Captiva	url:	http://japan.emc.com/enterprise-content-management/captiva/captiva.htm	Trust: 0.8
title:	Top Page	url:	http://www.ge-ip.com/	Trust: 0.8
title:	GEIP12-04	url:	http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf	Trust: 0.8
title:	partner	url:	http://www.ge-ip.co.jp/partner.html	Trust: 0.8
title:	Top Page	url:	http://www.ge-ip.co.jp/	Trust: 0.8
title:	Patch for GE Proficy Product Stack Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/18408	Trust: 0.6

sources: CNVD: CNVD-2012-3421 // JVNDB: JVNDB-2012-003013

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2515	Trust: 3.8
db:	ICS CERT	id:	ICSA-12-131-02	Trust: 3.0
db:	BID	id:	36546	Trust: 2.5
db:	SECUNIA	id:	36905	Trust: 1.7
db:	SECUNIA	id:	36914	Trust: 1.7
db:	VUPEN	id:	ADV-2009-2793	Trust: 1.0
db:	VUPEN	id:	ADV-2009-2795	Trust: 1.0
db:	BID	id:	54215	Trust: 0.9
db:	CNVD	id:	CNVD-2012-3421	Trust: 0.8
db:	CNNVD	id:	CNNVD-201206-522	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003013	Trust: 0.8
db:	SECUNIA	id:	49728	Trust: 0.7
db:	NSFOCUS	id:	19918	Trust: 0.6
db:	IVD	id:	B1754968-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	81748	Trust: 0.1
db:	PACKETSTORM	id:	81740	Trust: 0.1
db:	PACKETSTORM	id:	114351	Trust: 0.1

sources: IVD: b1754968-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3421 // BID: 54215 // BID: 36546 // JVNDB: JVNDB-2012-003013 // PACKETSTORM: 81748 // PACKETSTORM: 81740 // PACKETSTORM: 114351 // CNNVD: CNNVD-201206-522 // NVD: CVE-2012-2515

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-131-02.pdf	Trust: 2.4
url:	http://retrogod.altervista.org/9sg_emc_keyhelp.html	Trust: 1.8
url:	http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14863/en_us/geip12-04%20security%20advisory%20-%20proficy%20html%20help.pdf	Trust: 1.7
url:	http://www.securityfocus.com/bid/36546	Trust: 1.6
url:	http://secunia.com/advisories/36914	Trust: 1.6
url:	http://secunia.com/advisories/36905	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2009/2795	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2009/2793	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2515	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2515	Trust: 0.8
url:	http://www.www.us-cert.gov/control_systems/pdf/icsa-12-131-02.pdfhttp	Trust: 0.6
url:	http://secunia.com/advisories/49728	Trust: 0.6
url:	http://www.securityfocus.com/bid/54215	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/19918	Trust: 0.6
url:	http://www.keyworks.net/keyhelp.htm	Trust: 0.3
url:	http://support.microsoft.com/kb/240797	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.3
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.3
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.3
url:	http://secunia.com/advisories/business_solutions/	Trust: 0.2
url:	http://secunia.com/advisories/36905/	Trust: 0.2
url:	http://secunia.com/advisories/36914/	Trust: 0.1
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.1
url:	http://secunia.com/advisories/49728/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/49728/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://support.ge-ip.com/support/index?page=kbchannel&id=s:kb14863	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=49728	Trust: 0.1

sources: CNVD: CNVD-2012-3421 // BID: 36546 // JVNDB: JVNDB-2012-003013 // PACKETSTORM: 81748 // PACKETSTORM: 81740 // PACKETSTORM: 114351 // CNNVD: CNNVD-201206-522 // NVD: CVE-2012-2515

CREDITS

Andrea Micalizzi

Trust: 0.9

sources: BID: 54215 // CNNVD: CNNVD-201206-522

SOURCES

db:	IVD	id:	b1754968-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-3421
db:	BID	id:	54215
db:	BID	id:	36546
db:	JVNDB	id:	JVNDB-2012-003013
db:	PACKETSTORM	id:	81748
db:	PACKETSTORM	id:	81740
db:	PACKETSTORM	id:	114351
db:	CNNVD	id:	CNNVD-201206-522
db:	NVD	id:	CVE-2012-2515

LAST UPDATE DATE

2024-11-23T21:46:18.991000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-3421	date:	2012-06-29T00:00:00
db:	BID	id:	54215	date:	2015-03-19T09:26:00
db:	BID	id:	36546	date:	2015-04-13T20:02:00
db:	JVNDB	id:	JVNDB-2012-003013	date:	2012-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201206-522	date:	2012-06-29T00:00:00
db:	NVD	id:	CVE-2012-2515	date:	2024-11-21T01:39:10.217

SOURCES RELEASE DATE

db:	IVD	id:	b1754968-2353-11e6-abef-000c29c66e3d	date:	2012-06-29T00:00:00
db:	CNVD	id:	CNVD-2012-3421	date:	2012-06-29T00:00:00
db:	BID	id:	54215	date:	2012-06-27T00:00:00
db:	BID	id:	36546	date:	2009-09-29T00:00:00
db:	JVNDB	id:	JVNDB-2012-003013	date:	2012-07-06T00:00:00
db:	PACKETSTORM	id:	81748	date:	2009-10-01T13:53:12
db:	PACKETSTORM	id:	81740	date:	2009-09-30T15:12:07
db:	PACKETSTORM	id:	114351	date:	2012-06-29T03:34:47
db:	CNNVD	id:	CNNVD-201206-522	date:	2012-06-29T00:00:00
db:	NVD	id:	CVE-2012-2515	date:	2012-07-05T03:23:18.480