---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Proficy HMI/SCADA iFIX Information Disclosure and Security Bypass SECUNIA ADVISORY ID: SA33909 VERIFY ADVISORY: http://secunia.com/advisories/33909/ DESCRIPTION: Some security issues have been reported in iFIX, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions, and by malicious people to disclose sensitive information. 1) The application stores user credentials in a local file on the client using an insecure encryption algorithm. This can be exploited to gain knowledge of user names and passwords by obtaining (e.g. via eavesdropping network communication) and decrypting the file. 2) The user authentication is executed within the context of the currently logged-in user, which can be exploited to bypass the authentication e.g. by modifying certain used modules. 3) It is possible to bypass the run-time Environment Protection via the Autoplay feature by attaching an external storage device containing an automatically launched script. Successful exploitation of this security issue requires physical access to an affected system. SOLUTION: Grant only trusted users access to an affected system. Use in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: * Robert Wesley McGrew * US-CERT also credits Rayford Vaughn. ORIGINAL ADVISORY: iFIX: http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search US-CERT VU#310355: http://www.kb.cert.org/vuls/id/310355 Robert Wesley McGrew: http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerabilities-vu-310355/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------