GE Security Advisory GEIP12-04 ka20h000000UR00AAG | GE Customer Center

GE Security Advisory GEIP12-04

Description

The attached security advisory addresses a vulnerability in Proficy Historian, Proficy HMI/SCADA iFIX, Proficy Pulse, Proficy Batch Execution, and the SI7 I/O Driver.

The attached removal tool unregisters and deletes the vulnerable ActiveX control. The SIMs below ensure that Proficy Historian software functions properly once the control is removed - the SIMs do not remove the vulnerability.

SIMs for Proficy HMI/SCADA iFIX referenced in GEIP12-04
Run attached removal tool as per the instructions in the security advisory - no SIMs are required.

SIMs for Proficy Pulse referenced in GEIP12-04
Run attached removal tool as per the instructions in the security advisory - no SIMs are required.

SIMs for Proficy Batch Execution referenced in GEIP12-04
Run attached removal tool as per the instructions in the security advisory - no SIMs are required.

SIMs for the SI7 I/O Driver referenced in GEIP12-04
Run attached removal tool as per the instructions in the security advisory - no SIMs are required.

SIMs for Proficy Historian referenced in GEIP12-04
First apply the SIMs below, then run the attached removal tool as per the instructions in the security advisory.

Proficy Historian 4.5 SIM-20 (Note this issue was addressed in SIM 12 / SIM 20 is cumulative)

Proficy Historian 4.0 SIM 24

Proficy Historian 3.5 SIM 20

Historian: General (Requires iH31_SP1)