Vulnerability Description
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GE Fanuc | iFIX | <= 5.0 |
Related Weaknesses (CWE)
References
- http://support.gefanuc.com/support/index?page=kbchannel&id=S:KB13253&actp=search (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/310355 (US Government Resource)
- http://www.mcgrewsecurity.com/2009/02/10/ge-fanuc-releases-info-on-ifix-vulnerab
- http://www.securityfocus.com/bid/33739
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48691
FAQ
What is CVE-2009-0216?
CVE-2009-0216 is a vulnerability with a CVSS score of 10.0 (HIGH). GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start priv...
How severe is CVE-2009-0216?
CVE-2009-0216 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0216?
Check the references section above for vendor advisories and patch information. Affected products include: GE Fanuc iFIX.