GE iFIX
Monitor · 5.3 · ICS-CERT ICSA-18-282-01 · Oct 9, 2018
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A buffer overflow vulnerability in GE iFIX (versions 2.0–5.8) and Gigasoft components (older than version 8.0) allows an attacker with local access or the ability to deliver a malicious ActiveX control to execute arbitrary code on the HMI workstation. GE released iFIX 5.9 in June 2017 to resolve this issue by incorporating Gigasoft Version 8.0.
What this means
What could happen
A buffer overflow in iFIX could allow an attacker with local or low-privilege access to run arbitrary code on the HMI/SCADA workstation, potentially giving them the ability to modify process data, change alarms, or disrupt operator visibility into plant operations.
Who's at risk
Energy sector operators and oil & gas facilities that use GE iFIX for HMI and process visualization should review their iFIX version. This affects all iFIX versions from 2.0 through 5.8, as well as systems using older Gigasoft components.
How it could be exploited
An attacker with local access to an iFIX workstation—or who can deliver a malicious ActiveX control to a user—can trigger the buffer overflow condition through a crafted input or file. Once the overflow executes, the attacker gains code execution with the privileges of the iFIX process.
Prerequisites
- Local or adjacent network access to an iFIX workstation
- User interaction required (opening or loading a malicious file or ActiveX control)
- Vulnerable version of iFIX (2.0–5.8) or Gigasoft component older than 8.0 in use
- Buffer overflow vulnerability
- Low CVSS score but local/low-privilege exploitation
- User interaction required (reduces risk)
- No active public exploits known
- Vendor patch available (iFIX 5.9+)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (5)
1 with fix, 4 pending

| Product | Affected Versions | Fix Status |
|---|---|---|
| iFIX: 2.0 - 5.0 | ≥ 2.0, ≤ 5.0 | No fix yet |
| iFIX: 5.8 | 5.8 | No fix yet |
| iFIX: 5.5 | 5.5 | No fix yet |
| iFIX: 5.1 | 5.1 | No fix yet |
| Gigasoft components: older than | < 8.0 | 8.0 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Only load or use ActiveX controls from trusted, verified sources; disable or restrict ActiveX execution if not required for operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade iFIX to version 5.9 or later, which incorporates Gigasoft Version 8.0 and addresses the buffer overflow
Long-term hardening
- HARDENING: Isolate iFIX HMI/SCADA networks behind firewalls and from business networks; restrict remote access and require VPN with current patches if remote engineering access is needed
- HARDENING: Limit local access to iFIX workstations through physical security and user access controls
CVEs (1)