What is CVE-2012-2516?

CVE-2012-2516 is a vulnerability in Ge Intelligent_platforms_proficy_batch_execution, classified under OS Command Injection. Published 2012-07-05.

Is CVE-2012-2516 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ge Intelligent_platforms_proficy_batch_execution

CVE-2012-2516

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.694 (98.7th percentile) — read the EPSS interpretation.

Affected products

Ge Intelligent_platforms_proficy_batch_execution — versions 5.6
Ge Intelligent_platforms_proficy_historian — versions 3.1, 3.5, 4.0
Ge Intelligent_platforms_proficy_hmi\/scada_ifix — versions 5.0, 5.1
Ge Intelligent_platforms_proficy_pulse — versions 1.0
Ge Intelligent_platforms_si7_i\/o_driver — versions 7.20, 7.42
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

ics-cert@hq.dhs.gov (x_refsource_CONFIRM, Vendor Advisory)
ics-cert@hq.dhs.gov (US Government Resource, x_refsource_MISC)

Frequently asked questions

What is CVE-2012-2516?: CVE-2012-2516 is a vulnerability in Ge Intelligent_platforms_proficy_batch_execution, classified under OS Command Injection. Published 2012-07-05.
Is CVE-2012-2516 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.