GE Digital Proficy Historian
Priority: Act Now
CVSS: 9.8
Advisory: ICS-CERT ICSA-23-017-01
Published: Jan 17, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
GE Digital Proficy Historian v7.0 and higher contain multiple vulnerabilities including improper authentication (CWE-288), unrestricted upload of dangerous file types (CWE-434), and insufficient access controls (CWE-284, CWE-261). These flaws could allow an unauthenticated remote attacker to execute arbitrary code, cause a buffer overflow condition, and crash the device.
What this means
What could happen
An attacker could remotely execute code on your Proficy Historian server without authentication, potentially reading historical process data, modifying records, or disrupting historian operations, which many SCADA and process control systems depend on for monitoring and diagnostics.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Proficy Historian for real-time and historical data storage and analysis of SCADA, process control, and safety monitoring data should review their deployments. Any organization relying on Historian for operational visibility and diagnostics is affected.
How it could be exploited
An attacker on your network (or the internet if the Historian is exposed) can send specially crafted requests to the Proficy Historian service. The lack of authentication and input validation allows the attacker to upload malicious files or trigger a buffer overflow, leading to remote code execution with the privileges of the Historian service.
Prerequisites
- Network connectivity to Proficy Historian service port
- No authentication required for exploitation
- Proficy Historian version 7.0 or higher
Risk factors
- Remotely exploitable
- No authentication required
- Low complexity attack
- High CVSS score (9.8)
- Affects critical infrastructure historian data access
- Default or missing access controls
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product: Proficy Historian: Proficy Historian v7.0 and higher versions
Affected Versions: ≥ v7.0
Fix Status: 2023
Remediation & Mitigation
Do now
- HARDENING: Isolate Proficy Historian servers behind firewalls and restrict network access to authorized engineering and monitoring workstations only
- HARDENING: Ensure Proficy Historian is not accessible from the Internet or untrusted business networks; use network segmentation to separate it from standard IT infrastructure
- WORKAROUND: If remote access to Proficy Historian is required, implement a VPN or bastion host solution with strong authentication and keep it updated
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Proficy Historian to version 2023 or apply Security Information Modules (SIMs) released by GE Digital for all affected versions