CVE-2012-3026 : rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through

rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021.

Published 2012-11-01 10:44:45

Updated 2013-04-13 02:55:03

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Memory CorruptionInput validationExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-3026

Probability of exploitation activity in the next 30 days: 3.35%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-3026

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-3026

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-3026

http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15050

GE Customer Center
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/55935

GE Proficy Real-Time Information Portal Multiple Denial of Service Vulnerabilities

CVEs referencing this url
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15050/en_US/GEIP12-10%20Security%20Advisory%20-%20Proficy%20Portal%20rifsrvd.pdf

GE Customer Center
Vendor Advisory

CVEs referencing this url
http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

404 - File Not Found | CISA
US Government Resource

CVEs referencing this url

Products affected by CVE-2012-3026

GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 2.6
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.0
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.0 Update SP1
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.5
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Real-time Information Portal » Version: 3.5 Update SP1
cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-3026

Exploit prediction scoring system (EPSS) score for CVE-2012-3026

CVSS scores for CVE-2012-3026

CWE ids for CVE-2012-3026

References for CVE-2012-3026

Products affected by CVE-2012-3026