CVE Vulnerabilities

CVE-2009-0216

Published: Feb 13, 2009 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.

Affected Software

Name Vendor Start Version End Version
Ifix Ge_fanuc 2.0 2.0
Ifix Ge_fanuc 2.2 2.2
Ifix Ge_fanuc 2.5 2.5
Ifix Ge_fanuc 2.6 2.6
Ifix Ge_fanuc 2.21 2.21
Ifix Ge_fanuc 3.0 3.0
Ifix Ge_fanuc 3.5 3.5
Ifix Ge_fanuc 4.0 4.0
Ifix Ge_fanuc 4.5 4.5
Ifix Ge_fanuc * 5.0

References