
General Electric Intelligent Platforms (GE-IP) Proficy Plant Applications Buffer Overflow Vulnerabilities

November 1, 2011 (updated December 6, 2011)

Luigi Auriemma discovered these vulnerabilities in the General Electric Intelligent Platforms (GE-IP) Proficy Plant Applications suite and coordinated their disclosure through TippingPoint.

Multiple vulnerabilities have been reported in Proficy Plant Applications, which a remote attacker can exploit to compromise a vulnerable system.

1) An error in the Server Manager service (PRProficyMgr.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to 12293/tcp.

2) An error in the Server Gateway (PRGateway.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to 12294/tcp.

3) An error in the Remote Data Service (PRRDS.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to 12299/tcp.

4) An error in the Server License Manager (PRLicenseMgr.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to 12401/tcp.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

ICS-CERT Advisories / Alerts

ICSA-11-243-01

Additional related advisories:
ICSA-11-243-02
ICSA-11-243-03

Vendor Website (includes Patches / Hotfixes)

Proficy Security Advisory Information (GEIP11-01, GEIP11-02, GEIP11-03)
GEIP11-02: Security Advisory - Proficy Plant Applications services
Patch: Proficy Plant Applications 5.0 SIM 43 (signon required)
Patch: Proficy Plant Applications 4.4.1 SIM v101 (signon required)
Vendor Homepage
GE-IP Automation and HMI/SCADA Product Information (includes trial DVD links)

Related links:
GEIP11-01: Security Advisory - Proficy Historian ihDataArchiver
GEIP11-03: Security Advisory - Proficy Historian Web Administrator
Patch: Proficy Historian 4.0 SIM 12 (signon required)
Patch: Proficy Historian 3.5 SIM 17 (signon required)
Patch: Proficy Historian 3.1 SIM IH31_11092015699 (signon required)

Exploit Proof-of-Concept

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URL.

Common Vulnerabilities and Exposures (CVE) References

CVE-2011-1919
NVD CVE-2011-1919

Related references:
CVE-2011-1918
NVD CVE-2011-1918
CVE-2011-3320
NVD CVE-2011-3320

Additional Information

Open-Source Vulnerability Database #76762
Open-Source Vulnerability Database #76763
Open-Source Vulnerability Database #76764
Open-Source Vulnerability Database #76765
Secunia Advisory #46700
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 4.x
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 5.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50474
Packet Storm Advisory #106517

GE Works to Fix Vulnerabilities (ISSSource)

Related information:
SCADAhacker Reference - GE-IP Proficy Historian Web Administrator XSS Vulnerabilities
SCADAhacker Reference - GE-IP Proficy Historian Data Archiver Buffer Overflow Vulnerability
Open-Source Vulnerability Database #76766
Open-Source Vulnerability Database #76767
Secunia Advisory #46699
Secunia Vulnerability Report and Statistics on Proficy Historian 3.x
Secunia Vulnerability Report and Statistics on Proficy Historian 4.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50473
Security Focus Vulnerability Info and Exploit Bugtraq ID 50475
Packet Storm Advisory #106515
Zero Day Initiative - ZDI-11-320