Executive Summary
Summary | |
---|---|
Title | GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques |
Information | |||
---|---|---|---|
Name | VU#310355 | First vendor Publication | 2009-02-11 |
Vendor | VU-CERT | Last vendor Modification | 2009-02-24 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#310355
GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques
Overview
Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges.
I. Description
GE Fanuc iFIX is SCADA client/server software that includes a Human Machine Interface (HMI) component and runs on Microsoft Windows CE, NT, 2000, Server 2003, XP, or Vista. Authentication to iFIX is handled insecurely. Usernames and passwords are stored on the client in a local file. The passwords are obfuscated in this file using a weak encryption algorithm. According to GE Fanuc:
Attackers can gain copies of this file in two ways. The first way requires that an attacker have an interactive session with the computer containing the file, such as a direct login, or through a remote terminal session, VNC, or some other remote session providing access to a command shell. Using the shell, the attacker can simply copy the file and extract the passwords at some later point. Another way an attacker can gain access to this file is by intercepting the file over the network. This can occur if the file is shared between two computers using Microsoft Windows® network sharing. In this case, an attacker may be able to recreate the file by using a network sniffer to monitor network traffic between them.
Note that this issue affects versions of GE Fanuc iFIX up to and including version 5.0.
II. Impact
An attacker who can access the credentials file or intercept network traffic can obtain authentication credentials and gain unauthorized access to iFIX systems.
III. Solution
Until a more complete solution is available, consider the workarounds below.
Apply Workarounds
Systems Affected
References
This issue was reported by Rayford Vaughn and Robert Wesley McGrew at Mississippi State University. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/310355 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-255 | Credentials Management |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54274 | GE Fanuc Proficy HMI/SCADA iFIX External Media Autorun Environment Protection... |
54273 | GE Fanuc Proficy HMI/SCADA iFIX Crafted Software Module Authentication Bypass |
54272 | GE Fanuc Proficy HMI/SCADA iFIX Obfuscated Authentication Credential Weakness |
Alert History
Date | Information |
---|---|
2013-05-11 00:57:00 |