OSVDB ID: 76763

Title: General Electric (GE) Proficy Plant Applications Server Gateway Service (PRGateway.exe) Packet Parsing Remote Overflow

Info

Disclosure

Aug 29, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 29, 2011

Description

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: SCADA

Solution

Upgrade to version 5.0 SIM 43 or 4.4.1 SIM v101 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

CVE ID: 2011-1919 (see also: NVD)
Secunia Advisory ID: 46700
Bugtraq ID: 50474
Related OSVDB ID: 76762 76764 76765
Vendor Specific Advisory URL: http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf
Other Advisory URL: http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/76763