Vulnerabilities in GE Fanuc CIMPLICITY and Proficy Real-Time Information Portal could allow an attacker to execute arbitrary code, obtain user credentials, upload and execute arbitrary files, or cause a denial-of-service condition.

US-CERT encourages users to review the following GE Fanuc Knowledgebase Articles for further information:

• GE Fanuc Proficy Real-Time Information Portal allows arbitrary file upload and execution (KB12460)
• GE Fanuc Proficy Real-Time Information Portal transmits authentication credentials in plain text (KB12459)
• Buffer Overflow Allows Remote Code Execution (KB12458)