GE Proficy Historian Web Administrator XSS
Low Risk | ICS-CERT ICSA-11-243-02 | Jun 3, 2011
Summary
GE Proficy Historian Web Administrator contains a reflected cross-site scripting (XSS) vulnerability in all versions. An attacker can inject malicious JavaScript into the web interface, which executes in the browser of any user who visits a crafted link or form input. This can compromise user sessions and allow unauthorized access to historian configuration and historical process data. The vulnerability affects all versions of Proficy Historian and any Proficy HMI/SCADA systems (CIMPLICITY 8.1/8.2, iFIX 5.0/5.1) with Historian installed.
What this means
What could happen
An attacker with network access to the Historian Web Administrator interface could inject malicious JavaScript that executes in the browser of any authorized user who visits the application, potentially allowing credential theft or unauthorized configuration changes to the historian and connected HMI/SCADA systems.
Who's at risk
Energy and manufacturing utilities operating GE Proficy Historian systems for data logging and HMI/SCADA integration should care about this vulnerability. It affects all versions of Proficy Historian, and any installations of Proficy CIMPLICITY (versions 8.1, 8.2) or iFIX (versions 5.0, 5.1) that have Historian integrated are at risk.
How it could be exploited
An attacker with network access to the Historian Web interface crafts a malicious URL or form input containing JavaScript code. When an authorized user clicks the link or the input is processed and reflected in the page, the script executes in their browser context, allowing the attacker to steal session cookies, capture credentials, or modify system settings.
Prerequisites
- Network access to the Proficy Historian Web Administrator interface (port 80 or 443)
- Target user must click a malicious link or visit the application while logged in
- No authentication required from the attacker to inject the payload
Tags: remotely exploitable | no authentication required from attacker | affects critical data logging and HMI/SCADA systems | no patch available
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (5)
5 EOL
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Proficy Historian: vers:all/* | All versions | No fix (EOL) |
| Proficy HMI/SCADA - CIMPLICITY If Historian is installed: 8.1 | 8.1 | No fix (EOL) |
| Proficy HMI/SCADA - CIMPLICITY If Historian is installed: 8.2 | 8.2 | No fix (EOL) |
| Proficy HMI/SCADA - iFIX If Historian is installed: 5.0 | 5.0 | No fix (EOL) |
| Proficy HMI/SCADA - iFIX If Historian is installed: 5.1 | 5.1 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the Historian Web Administrator interface to authorized engineering and administrative workstations only using firewall rules or access control lists
- HARDENING: Disable or block the Historian Web Administrator interface if it is not actively used; manage the historian through engineering workstations on a protected network segment instead
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Implement a Web Application Firewall (WAF) in front of the Historian Web interface to filter malicious input and detect XSS attempts
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Proficy Historian: vers:all/*, Proficy HMI/SCADA - CIMPLICITY If Historian is installed: 8.1, Proficy HMI/SCADA - CIMPLICITY If Historian is installed: 8.2, Proficy HMI/SCADA - iFIX If Historian is installed: 5.0, Proficy HMI/SCADA - iFIX If Historian is installed: 5.1. Apply the following compensating controls:
- HARDENING: Educate users not to click suspicious links or access the Historian Web interface from untrusted sources
CVEs (1)