CVE-2012-3010 : rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026.

Published 2012-11-01 10:44:45

Updated 2025-04-11 00:51:22

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2012-3010

GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 2.6
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.0
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.0 Update SP1
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.5
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.5 Update SP1
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-3010

EPSS FAQ

3.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-3010

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-3010

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3010

http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050

GE Customer Center
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/55935

GE Proficy Real-Time Information Portal Multiple Denial of Service Vulnerabilities

CVEs referencing this url
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf

GE Customer Center
Vendor Advisory

CVEs referencing this url
http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

404 - File Not Found | CISA
US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-3010

Products affected by CVE-2012-3010

Exploit prediction scoring system (EPSS) score for CVE-2012-3010

CVSS scores for CVE-2012-3010

CWE ids for CVE-2012-3010

References for CVE-2012-3010