|Check Point Reference:||CPAI-2012-601|
|Date Published:||14 Oct 2012|
|Protection Provided by:||
|Who is Vulnerable?|| General Electric Proficy Real-Time Information Portal 2.6 |
General Electric Proficy Real-Time Information Portal 3.0
General Electric Proficy Real-Time Information Portal 3.0 SP1 prior to SIM 42
General Electric Proficy Real-Time Information Portal 3.5 prior to SIM 11
|Vulnerability Description||A directory traversal vulnerability has been reported in GE Proficy Real-Time Information Portal.|
|Vulnerability Details||The vulnerability is due to insufficient validation of two strings contained inside certain requests. A remote attacker could exploit this vulnerability by sending a malicious request to the affected application. Successful exploitation of this vulnerability could allow an attacker to delete arbitrary files on the target's file system.|
This protection will detect and block the transferring of a specially crafted message to the affected application.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
- In the IPS tab, click Protections and find the GE Proficy Real-Time Information Portal Directory Traversal protection using the Search tool and Edit the protection's settings.
- Install policy on all modules.
SmartView Tracker will log the following entries:
Attack Name: Content Protection Violation
Attack Information: GE Proficy Real-Time Information Portal Directory Traversal