GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow Vulnerability
Low Risk · ICS-CERT ICSA-11-243-03A · Jun 3, 2011
Summary
A buffer overflow vulnerability (CWE-119) exists in the GE Proficy Historian Data Archiver service in version 4.0 and earlier. The vulnerability allows remote code execution through a specially crafted message sent to the Data Archiver service. Affected variants include Proficy HMI/SCADA—CIMPLICITY version 8.1 and Proficy HMI/SCADA—iFix versions 5.0 and 5.1 when the Historian component is installed. No patch is available from the vendor.
What this means
What could happen
A buffer overflow in the Proficy Historian Data Archiver service could allow an attacker to run arbitrary code on the server with the service's privileges, potentially disrupting historical data collection or gaining access to process control systems that depend on historian data.
Who's at risk
Energy utilities and manufacturing plants using GE Proficy Historian (version 4.0 or earlier) or Proficy HMI/SCADA platforms (CIMPLICITY 8.1, iFix 5.0–5.1) with integrated historian functionality. The historian server stores and archives process data—disruption or compromise could affect visibility into operations and potentially enable control system tampering.
How it could be exploited
An attacker who can reach the Proficy Historian Data Archiver service (typically via the network) sends a specially crafted message or data input to trigger the buffer overflow, causing memory corruption and allowing arbitrary code execution with the privileges of the historian service account.
Prerequisites
- Network access to the Proficy Historian Data Archiver service port
- Affected product version (Historian ≤4.0 or HMI/SCADA variants with integrated Historian)
- No special credentials required to trigger the buffer overflow
- Remotely exploitable
- No authentication required
- Buffer overflow (low code complexity)
- No patch available—end-of-life product
- Affects SCADA historian and control system visibility
Exploitability
Moderate exploit probability (EPSS 4.6%)
Affected products (4)
4 EOL
Product | Affected Versions | Fix Status
Proficy Historian: <=4.0 | ≤ 4.0 | No fix (EOL)
Proficy HMI/SCADA—CIMPLICITY If Historian is installed: 8.1 | 8.1 | No fix (EOL)
Proficy HMI/SCADA—iFix If Historian is installed: 5.0 | 5.0 | No fix (EOL)
Proficy HMI/SCADA—iFix If Historian is installed: 5.1 | 5.1 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the Proficy Historian service using firewall rules—allow only trusted engineering workstations and process control servers to communicate with the historian on its service port
- HARDENING: Isolate the historian server on a separate network segment or DMZ to limit lateral movement if compromise occurs
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor the historian service for unexpected restarts or error messages that may indicate exploitation attempts
- HARDENING: Review network logs for unusual connections to the historian service port
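The two monitoring items above can be combined into one check. The following is an added example, not part of the advisory or any GE tooling: it flags historian-port connections from sources outside an allowlist and pairs unexpected service stops with such connections seen shortly before. The port number, allowlist, service name, and both log formats are constructed placeholders.

```python
import ipaddress
import re
from datetime import datetime, timedelta

HISTORIAN_PORT = 9999  # placeholder: set to your Data Archiver service port
TRUSTED = [ipaddress.ip_network(n) for n in ("10.10.5.0/28", "10.10.6.20/32")]  # constructed allowlist
CONN_RE = re.compile(r"^(\S+) (ALLOW|DENY) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
CRASH_RE = re.compile(r"^(\S+) SERVICE (\S+) terminated unexpectedly$")

# Constructed sample logs in a hypothetical format (not output of any real product).
FIREWALL_LOG = """\
2024-01-15T10:14:58 ALLOW TCP 10.10.5.3:50112 -> 10.10.9.10:9999
2024-01-15T10:15:02 ALLOW TCP 10.10.7.44:51544 -> 10.10.9.10:9999
2024-01-15T10:15:05 ALLOW TCP 10.10.7.44:51560 -> 10.10.9.10:445
2024-01-15T11:40:12 DENY TCP 192.0.2.77:40001 -> 10.10.9.10:9999
""".splitlines()
SERVICE_LOG = """\
2024-01-15T10:15:40 SERVICE historian-archiver terminated unexpectedly
2024-01-15T14:02:00 SERVICE historian-archiver terminated unexpectedly
""".splitlines()

def untrusted_connections(lines, port=HISTORIAN_PORT, trusted=TRUSTED):
    """Return (time, source, action) for historian-port traffic from outside the allowlist."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m or int(m.group(5)) != port:
            continue  # malformed line or a different service
        src = ipaddress.ip_address(m.group(3))
        if not any(src in net for net in trusted):
            hits.append((datetime.fromisoformat(m.group(1)), str(src), m.group(2)))
    return hits

def crashes_after_untrusted(hits, service_lines, window=timedelta(minutes=5)):
    """Pair each unexpected service stop with untrusted ALLOWed connections shortly before it."""
    pairs = []
    for line in service_lines:
        m = CRASH_RE.match(line.strip())
        if not m:
            continue
        t = datetime.fromisoformat(m.group(1))
        near = [src for ts, src, action in hits
                if action == "ALLOW" and timedelta(0) <= t - ts <= window]
        if near:
            pairs.append((t.isoformat(), m.group(2), sorted(set(near))))
    return pairs

if __name__ == "__main__":
    print(crashes_after_untrusted(untrusted_connections(FIREWALL_LOG), SERVICE_LOG))
```

An ALLOW entry from a non-allowlisted source also indicates that the firewall restriction listed under "Do now" is not in effect for that path.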
CVEs (1)