General Electric Intelligent Platforms (GE-IP) Proficy Historian Data Archiver Buffer Overflow Vulnerability

November 1, 2011 (updated November 29, 2011, December 6, 2011)

Luigi Auriemma discovered a vulnerability in the General Electric Intelligent Platforms (GE-IP) Proficy Historian and coordinated its disclosure through HP TippingPoint's Zero Day Initiative (ZDI-11-320).

This vulnerability in the Proficy Historian can be exploited by malicious people to compromise a vulnerable system.

An error in the Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) when processing certain network messages can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 14000.

Successful exploitation of this vulnerability may allow execution of arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions.

ICS-CERT Advisories / Alerts

ICSA-11-243-03A
ICSA-11-243-03

Additional related Advisories:
ICSA-11-243-01
ICSA-11-243-02

Vendor Website (includes Patches / Hotfixes)

Proficy Security Advisory Information (GEIP11-01, GEIP11-02, GEIP11-03)
GEIP11-01: Security Advisory - Proficy Historian ihDataArchiver
Patch: Proficy Historian 4.0 SIM 12 (signon required)
Patch: Proficy Historian 3.5 SIM 17 (signon required)
Patch: Proficy Historian 3.1 SIM IH31_11092015699 (signon required)
Vendor Homepage
GE-IP Automation and HMI/SCADA Product Information (includes trial DVD links)
Proficy Historian Product Information (includes free download)

Related links:
GEIP11-02: Security Advisory - Proficy Plant Applications services
GEIP11-03: Security Advisory - Proficy Historian Web Administrator
Patch: Proficy Plant Applications 5.0 SIM 43 (signon required)
Patch: Proficy Plant Applications 4.4.1 SIM v101 (signon required)

Exploit Proof-of-Concept

No public exploit is available at this time.

Common Vulnerabilities and Exposures (CVE) References

CVE-2011-1918
NVD CVE-2011-1918

Related references:
CVE-2011-1919
NVD CVE-2011-1919
CVE-2011-3320
NVD CVE-2011-3320

Additional Information

Open-Source Vulnerability Database #76766
Secunia Advisory #46699
Secunia Vulnerability Report and Statistics on Proficy Historian 3.x
Secunia Vulnerability Report and Statistics on Proficy Historian 4.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50475
Packet Storm Advisory #106515
Zero Day Initiative - ZDI-11-320

GE Works to Fix Vulnerabilities (ISSSource)

Related information:
SCADAhacker Reference - GE-IP Proficy Plant Applications Buffer Overflow Vulnerabilities
SCADAhacker Reference - GE-IP Proficy Historian Web Administrator XSS Vulnerabilities
Open-Source Vulnerability Database #76762
Open-Source Vulnerability Database #76763
Open-Source Vulnerability Database #76764
Open-Source Vulnerability Database #76765
Open-Source Vulnerability Database #76767
Secunia Advisory #46700
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 4.x
Secunia Vulnerability Report and Statistics on Proficy Plant Applications 5.x
Security Focus Vulnerability Info and Exploit Bugtraq ID 50473
Security Focus Vulnerability Info and Exploit Bugtraq ID 50474
Packet Storm Advisory #106517