ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative (ZDI) concerning a directory traversal vulnerability in the GE Intelligent Platforms Proficy Real-Time Information Portal.
This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.
If exploited, this vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. GE Intelligent Platforms has created patches to address this issue.
According to GE Intelligent Platforms the following product and versions are affected.
Proficy Real-Time Information Portal Versions:
• 3.0 SP1
Note: Proficy Real-Time Information Portal Versions 2.5 and prior are not affected by this vulnerability.
Exploitation of this vulnerability could allow an attacker to create or overwrite a file on the system running Proficy Real-Time Information Portal.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
According to GE, Proficy Real-Time Information Portal is a web-based data visualization and reporting tool that is deployed across multiple industries worldwide.
A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) that runs on Port 5159/TCP by default. The Remote Interface Service creates a file on the system and does not sufficiently validate two input strings that are used to create a configuration file on the server.
The vulnerability may allow a remote attacker to:
• Set the file’s name and extension (to create a new file or to overwrite an existing file)
• Supply text that will be inserted into the file.
According to GE, the vulnerability does not allow the attacker to directly execute the file and does not allow the attacker to define the file’s entire contents. CVE-2012-0232 has been assigned to this vulnerability.
EXPLOITABILITY: This vulnerability is remotely exploitable.
EXISTENCE OF EXPLOIT: No known public exploits specifically target this vulnerability.
DIFFICULTY: An attacker with a moderate skill level may be able to exploit these vulnerabilities.
GE Intelligent Platforms has released a security advisory and free product update Software Improvement Modules (SIMs) to address this vulnerability in Proficy Real-Time Information Portal Versions 3.5 and 3.0 SP1.
Proficy Real-Time Information Portal customers using Versions 3.0 and 2.6 are encouraged to upgrade to one of the versions described above and apply the appropriate product update. GE Intelligent Platforms urges all customers to follow the recommendations in their security advisory, which can be found here:
Note: A valid GE user ID and Customer Service Number are required to access the advisories and updates. Proficy SIMs are cumulative. All future SIMs will include these updates.
The full ICS-CERT advisory can be found here: