CVE-2011-1919

EUVD-2011-1917

02.11.2011, 17:55

Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 76%

Affected Products (NVD)

Vendor	Product	Version
ge	intelligent_platforms_proficy_historian	𝑥 ≤ 4.4.1
ge	intelligent_platforms_proficy_historian	4.0
ge	intelligent_platforms_proficy_historian	5.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://www.securityfocus.com/bid/50474

http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf

http://www.securityfocus.com/bid/50474

http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-01.pdf