GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ifix | Ge_fanuc | 2.0 | 2.0 |
Ifix | Ge_fanuc | 2.2 | 2.2 |
Ifix | Ge_fanuc | 2.5 | 2.5 |
Ifix | Ge_fanuc | 2.6 | 2.6 |
Ifix | Ge_fanuc | 2.21 | 2.21 |
Ifix | Ge_fanuc | 3.0 | 3.0 |
Ifix | Ge_fanuc | 3.5 | 3.5 |
Ifix | Ge_fanuc | 4.0 | 4.0 |
Ifix | Ge_fanuc | 4.5 | 4.5 |
Ifix | Ge_fanuc | * | 5.0 |