Vulnerability Details : CVE-2011-1918
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2011-1918
- cpe:2.3:a:ge:intelligent_platforms_proficy_historian:*:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_historian:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1918
17.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-1918
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1918
-
http://ics-cert.us-cert.gov/advisories/ICSA-11-243-03A
GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow Vulnerability (Update A) | CISA
-
http://www.securityfocus.com/bid/50475
GE Proficy Historian Data Archiver Service Remote Buffer Overflow Vulnerability
-
http://www.us-cert.gov/control_systems/pdf/ICSA-11-243-03.pdf
404 - File Not Found | CISAUS Government Resource
Jump to