CVE-2012-0231 : PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and ea

PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.

Published 2012-03-15 18:55:01

Updated 2018-01-11 02:29:01

Source CERT/CC

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-0231

Probability of exploitation activity in the next 30 days: 11.42%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0231

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2012-0231

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0231

http://secunia.com/advisories/48415

Sign in

CVEs referencing this url
http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf

404 - File Not Found | CISA
US Government Resource

CVEs referencing this url
http://xforce.iss.net/xforce/xfdb/73957
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766

GE Customer Center
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/52434

GE Proficy Plant Applications Suite Remote Memory Corruption Vulnerabilities

CVEs referencing this url

Products affected by CVE-2012-0231

GE » Intelligent Platforms Proficy Plant Applications
Versions up to, including, (<=) 5.0
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:*:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Plant Applications » Version: 4.2.3
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:4.2.3:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Plant Applications » Version: 215.8
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:215.8:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Plant Applications » Version: 4.4.1
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:4.4.1:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Plant Applications » Version: 4.3.1
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:4.3.1:*:*:*:*:*:*:*
Matching versions
GE » Intelligent Platforms Proficy Plant Applications » Version: 4.2.2
cpe:2.3:a:ge:intelligent_platforms_proficy_plant_applications:4.2.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0231

Exploit prediction scoring system (EPSS) score for CVE-2012-0231

CVSS scores for CVE-2012-0231

CWE ids for CVE-2012-0231

References for CVE-2012-0231

Products affected by CVE-2012-0231