Credit:
The information has been provided by Eyal Udassin.
Vulnerable Systems:
* GE-Fanuc's Proficy Information Portal version 2.6
Immune Systems:
*
Authentication Vulnerability
The Proficy login process sends the username in cleartext and the password in Base64-encoded form. An attacker with access to the data traffic can intercept this transmission and decode it.
Impact
An attacker can harvest user credentials by intercepting the traffic between the browser and the Proficy server.
Workaround/Fix
The vendor issued a KB article on how to resolve this vulnerability at the GE-Fanuc website.
CVE Information:
CVE-2008-0174
Arbitrary File Upload and Execution
Any authenticated user can use the "Add WebSource" option to upload any file (including ASP) to the server's main virtual directory, where it can be launched simply by requesting it with a web browser. The vulnerability stems from a faulty Java RMI call associated with "Add WebSource": the call lets the user set the name and path where the file is placed, and a further parameter carries the file's content, Base64 encoded.
Impact
An authenticated attacker can compromise the server running Proficy Information Portal, enabling him to progress to the control/process network.
Workaround/Fix
Vendor fix will be available by Feb 15th. A possible workaround is to remove the write permission of the IIS user from the Proficy directory.
CVE Information:
CVE-2008-0175
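An added example, not part of the advisory or of GE-Fanuc's fix: a server-side check for the three caller-controlled values described above (file name, path, Base64 content). The upload root, the extension allowlist and the function names are assumptions made for illustration.

```python
import base64
import binascii
from pathlib import PureWindowsPath

# Assumed values for illustration; neither comes from the advisory.
UPLOAD_ROOT = PureWindowsPath(r"C:\data\websources")  # storage outside the web root
ALLOWED_EXT = {".xml", ".csv", ".txt"}                # data formats only, nothing IIS executes


class UploadRejected(ValueError):
    """Raised when any caller-supplied upload field fails validation."""


def validate_upload(name, path, content_b64, max_bytes=1_000_000):
    """Return (destination, decoded bytes) or raise UploadRejected."""
    # File name: a bare name only. No separators, drive letters or NTFS stream syntax.
    if not name or name != PureWindowsPath(name).name or ":" in name:
        raise UploadRejected("file name contains path components")
    # Allowlist the extension instead of blocklisting .asp and its variants.
    if PureWindowsPath(name).suffix.lower() not in ALLOWED_EXT:
        raise UploadRejected("extension not allowed")
    # Path: relative sub-directory under UPLOAD_ROOT, no drive, UNC, root or "..".
    sub = PureWindowsPath(path)
    if sub.anchor or ".." in sub.parts or ":" in path:
        raise UploadRejected("path escapes the upload root")
    # Content: strict Base64 with a size cap applied after decoding.
    try:
        data = base64.b64decode(content_b64, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise UploadRejected("content is not valid Base64") from exc
    if len(data) > max_bytes:
        raise UploadRejected("content too large")
    return UPLOAD_ROOT / sub / name, data


def is_accepted(name, path, content_b64):
    """Convenience wrapper: True if the upload passes every check."""
    try:
        validate_upload(name, path, content_b64)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: "PHIvPg==" is Base64 for b"<r/>".
    print(validate_upload("report.xml", "reports/2008", "PHIvPg=="))
    print(is_accepted("page.asp", "", "PHIvPg=="))          # False: extension
    print(is_accepted("report.xml", r"..\..", "PHIvPg=="))  # False: traversal
```

Keeping the storage root outside the virtual directory means an accepted file still cannot be requested and run through the web server.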