9.3
CVE-2012-2516
- EPSS 39.71%
- Veröffentlicht 05.07.2012 03:23:18
- Zuletzt bearbeitet 16.06.2026 23:41:37
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ge ≫ Intelligent Platforms Proficy Batch Execution Version5.6
Ge ≫ Intelligent Platforms Proficy Historian Version3.1
Ge ≫ Intelligent Platforms Proficy Historian Version3.5
Ge ≫ Intelligent Platforms Proficy Historian Version4.0
Ge ≫ Intelligent Platforms Proficy Historian Version4.5
Ge ≫ Intelligent Platforms Proficy Pulse Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 39.71% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf