GE Proficy Real-Time Information Portal Information Disclosure Vulnerabilities

Low RiskICS-CERT ICSA-13-022-01Oct 26, 2013

Summary

GE Proficy Real-Time Information Portal contains information disclosure vulnerabilities that allow unauthenticated remote access to sensitive operational and system information. The portal fails to enforce proper access controls (CWE-306) and improperly restricts access to sensitive data (CWE-200), allowing attackers on the network to view process data and configuration details without valid credentials.

What this means

What could happen

An attacker with network access to the Proficy Real-Time Information Portal could view sensitive process data and system information without authentication, potentially exposing operational parameters, setpoints, or system configuration details critical to plant operations.

Who's at risk

This vulnerability affects organizations running GE Proficy Real-Time Information Portal in process manufacturing, utilities (water, electric, gas), and other critical infrastructure facilities that rely on the portal for real-time visibility into operational data and system status.

How it could be exploited

An attacker sends an unauthenticated request to the Proficy Real-Time Information Portal over the network. The portal does not properly enforce access controls, allowing the attacker to retrieve sensitive operational and system information that should require authentication to access.

Prerequisites

Network reachability to the Proficy Real-Time Information Portal web interface
No valid credentials required

remotely exploitableno authentication requiredinformation disclosureno patch availableaffects OT visibility systems

Exploitability

Low exploit probability (EPSS 0.3%)

Affected products (1)

ProductAffected VersionsFix Status

Proficy Real-Time Information Portal: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict network access to the Proficy Real-Time Information Portal using firewall rules. Only permit access from authorized engineering workstations and control network subnets.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor access logs to the portal for suspicious unauthenticated connection attempts.

Mitigations - no patch available

0/1

Proficy Real-Time Information Portal: vers:all/* has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGImplement network segmentation to isolate the Proficy Real-Time Information Portal from untrusted networks and the internet.

CVEs (2)

CVE-2013-0651 CVE-2013-0652

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/e1659d19-2ce3-4006-8b08-bb05dc74cb19