GE.Proficy.Real-Time.Information.Portal.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal vulnerability in GE Proficy Real-Time Information Portal.
The vulnerability is due to insufficient sanitizing of requests messages in the application. A remote attacker can exploit this to gain unauthorized access to sensitive information via a crafted request.
Affected Products
General Electric Proficy Real-Time Information Portal 2.6
General Electric Proficy Real-Time Information Portal 3.0
General Electric Proficy Real-Time Information Portal 3.0 SP1 prior to SIM 42
General Electric Proficy Real-Time Information Portal 3.5 prior to SIM 11
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply patch available from the vendor's website.
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |