According to GE, these products are deployed across multiple sectors worldwide. Proficy Historian is a data historian that collects, archives, and distributes production information. Proficy HMI/SCADA-CIMPLICITY is a client/server-based HMI/SCADA application.
The affected product, Proficy HMI/SCADA iFIX, is a HMI/SCADA application. GE is a US-based company that maintains offices in several countries around the world. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation. Impact to individual organizations depends on many factors that are unique to each organization. Successful exploitation of this vulnerability may allow an attacker to retrieve user passwords.
GE has reported an insufficiently protected credentials vulnerability in Proficy Human-Machine Interface/Supervisory Control and Data Acquisition (HMI/SCADA) iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian software. This updated advisory is a follow-up to the updated advisory titled ICSA-16-336-05A GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 24, 2017, on the NCCIC/ICS-CERT web site.
0 kommentar(er)
