ICS-CERT: GE Intelligent Platforms Proficy Historian Data Advisory

Thursday, March 15, 2012

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

ICS-CERT originally released Advisory ICSA-12-032-01P on the US-CERT secure portal on March 02, 2012. This web page release was delayed to allow users time to download and install the update.

ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative (ZDI) concerning a memory corruption vulnerability in the GE Intelligent Platforms Proficy Historian Data Archiver. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.

If exploited, this vulnerability could allow an attacker to cause the Historian Data Archiver service to crash, which may lead to arbitrary code execution. This vulnerability was reported to ZDI by independent security researcher Luigi Auriemma.  GE Intelligent Platforms has created a patch to address the issue.

This vulnerability affects the following GE Intelligent Platforms products:

• Proficy Historian: Versions 4.5 and prior

• Proficy HMI/SCADA–CIMPLICITY: Version 8.2 (with Proficy Historian 4.5 or prior installed)

• Proficy HMI/SCADA–iFIX: Versions 5.5, 5.0, and 5.1 (with Proficy Historian 4.5 or prior installed).

Note: Proficy Pulse is not affected by the vulnerability described in this advisory.

IMPACT

Exploitation of this vulnerability could cause the Historian Data Archiver service to crash and potentially allow an attacker to take control of a system running the affected software. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.

BACKGROUND

Proficy Historian is a data historian that collects, archives, and distributes production information. According to GE, the Proficy Historian product is deployed across multiple industries worldwide.

VULNERABILITY OVERVIEW

A memory corruption vulnerability exists because of the way the Historian Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) processes incoming traffic on Port 14000/TCP. A specially crafted packet may cause the Historian Data Archiver service to crash and may allow arbitrary code execution. CVE-2012-0229 has been assigned to this vulnerability.

EXPLOITABILITY: This vulnerability is remotely exploitable.

EXISTENCE OF EXPLOIT: No known exploits specifically target this vulnerability.

DIFFICULTY: An attacker with a moderate skill level would be able to exploit these vulnerabilities.

MITIGATION

GE Intelligent Platforms has released a security advisory and free product update Software Improvement Modules (SIMs) to address this vulnerability in Proficy software. GE Intelligent Platforms urges all customers to follow the recommendations in their security advisory, which can be found here:

Note: A valid GE user ID and Customer Service Number are required to access the advisory and update.

GE Intelligent Platforms recommends that customers apply product updates to Proficy Historian Versions 3.1, 3.5, 4.0, and 4.5. Proficy Historian customers using versions older than 3.1 are encouraged to upgrade to 3.1 or greater and then apply the appropriate product update.

GE Intelligent Platforms also recommends that Proficy HMI/SCADAiFIX and Proficy HMI/SCADA – CIMPLICITY customers who have installed Proficy Historian apply these product updates as well. Alternatively, Proficy HMI/SCADA customers may uninstall the Proficy Historian software if it is not in use.

Note: Proficy SIMs are cumulative. All future SIMs will include these updates.
GE has provided the following installation instructions for iFIX and CIMPLICITY SIMs.
Option 1: Apply a product update to the Proficy Historian software.

Refer to the information above for “Historian Installations” and apply the appropriate product update to Proficy Historian.

Option 2: Uninstall Proficy Historian if not in use.

1. Double-click the Add/Remove Programs icon in the Control Panel. The Add/Remove Programs dialog box opens.

2. Select Proficy Historian, and click the Remove button.

a. To uninstall Historian and save the current Historian configuration and data select Do Not Delete Archives and click Next.

b. To uninstall Historian and delete the current Historian configuration and data, select Delete Archives, and click Next.

3. The uninstall proceeds and all Historian components are removed.

The full ICS-CERT advisory can be found here:

Source:  http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-01.pdf

Possibly Related Articles:
13912
SCADA
Denial of Service SCADA Vulnerabilities Advisory ICS ICS-CERT Industrial Control Systems GE Intelligent Platforms Memory Corruption
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked