CVE-2013-0651

Published: Jan 27, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.

Affected (6)

Products: Ge: Intelligent Platforms Proficy Real Time Information Portal

1 product

Intelligent Platforms Proficy Real Time Information Portal

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Ge Intelligent Platforms Proficy Real Time Information Portal	All versions
Ge Intelligent Platforms Proficy Real Time Information Portal	Version 2.6
Ge Intelligent Platforms Proficy Real Time Information Portal	Version 3.0
Ge Intelligent Platforms Proficy Real Time Information Portal	Version 3.0 sp1
Ge Intelligent Platforms Proficy Real Time Information Portal	Version 3.5
Ge Intelligent Platforms Proficy Real Time Information Portal	Version 3.5 sp1

Related CWEs

CWE-264

References (2)

http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf

Source: ics-cert@hq.dhs.gov

US Government Resource

http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.