Vulnerability Note VU#180876
GE Fanuc Proficy Information Portal transmits authentication credentials in plain text
GE Fanuc Proficy Information Portal can transmit authentication credentials in plain text. An attacker could monitor traffic, obtain valid credentials, and gain access to the portal.
GE Fanuc Proficy Information Portal is a web-based systems reporting tool often used to consolidate and integrate online and process-based systems data between Supervisory Control And Data Acquisition (SCADA) systems and the corporate network. Authentication credentials for the portal may be sent in an insecure manner. During the login proceedure usernames are sent to the portal in plaintext and passwords are sent in Base64 encoded format. An attacker may be able to monitor network traffic and obtain credentaials to gain unauthorized access to the portal.
This vulnerability affects GE Fanuc Proficy Information Portal up to and including version 2.6.
An attacker who can intercept network traffic can obtain authentication credentials.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|GE Fanuc||Affected||20 Dec 2007||24 Jan 2008|
CVSS Metrics (Learn More)
This vulnerability was reported by Eyal Udassin of C4 Security.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-0174
- Date Public: 24 Jan 2008
- Date First Published: 25 Jan 2008
- Date Last Updated: 13 Nov 2008
- Severity Metric: 0.17
- Document Revision: 49
If you have feedback, comments, or additional information about this vulnerability, please send us email.