
GE Intelligent Platforms Product Security Advisory

Title: Proficy HMI/SCADA iFIX I/O Drivers Default Password
Vulnerability ID: GEIP13-01
Other identifiers: KB15348
Release date: February 19, 2013
Last updated: February 18, 2013

Summary
During installation, 7.x I/O Drivers for Proficy HMI/SCADA iFIX create a Windows operating system
administrator account with a fixed username and password. An attacker with knowledge of the
username/password combination and either physical or remote access to the server could use this
account to log in to the server with administrative privileges to the Windows operating system.
GE Intelligent Platforms recommends that customers reinstall the following I/O drivers, which have been
updated to include an option to delete the account at install time:
ABR, DNP, EGD, GE9, MB1, MBE, OPC, S2G, SI7.
Some vulnerable I/O drivers will NOT be updated. GE Intelligent Platforms recommends that customers
reconfigure the following I/O drivers by following the recommendations in the Workaround section
below:
A30, ABC, EG_, GEF, GES, GFT, I3E, LNS, LWN, M32, MEL, MOA, MX1, SI5, SL4, TNX, WET.

Affected software

Proficy HMI/SCADA iFIX: all versions (The vulnerable OPC driver is installed by default)
Proficy HMI/SCADA iFIX servers with any of the following I/O Driver servers installed:
A30, ABR, ABC, DNP, EG_, EGD, GE9, GEF, GES, GFT, I3E, LNS, LWN, M32, MB1, MBE, MEL, MOA,
MX1, OPC, S2G, SI5, SI7, SL4, TNX, WET

Note: 6.x drivers are NOT affected by this vulnerability


To check a system for the existence of the FIXIOUSER account, follow these instructions:
1. From the Windows Start menu, select Run.
2. Enter the following command and click OK:
compmgmt.msc
3. Expand the Local Users and Groups tree and select Users

Solution
The latest versions of the following iFIX I/O Drivers installers provide an option to remove the FixIOUser
account and reconfigure the driver:

ABR (7.45a or newer)
DNP (7.20i or newer)
EGD (7.45a or newer)
GE9 (7.45a or newer)
MB1 (7.45a or newer)
MBE (7.45a or newer)
OPC (7.45a or newer)
S2G (7.45a or newer)
SI7 (7.45a or newer)

To obtain the latest version of an I/O driver please visit our website at http://support.ge-ip.com. If the
driver you are using is not listed above, you must follow the instructions in the Workaround section of
this document to manually remove the FixIOUser account.

Workaround
A workaround is available for customers using the vulnerable I/O drivers that will not be updated (A30,
ABC, EG_, GEF, GES, GFT, I3E, LNS, LWN, M32, MEL, MOA, MX1, SI5, SL4, TNX, WET) or for customers
who are unable to re-install an updated driver.
Note: The example below describes the procedure for removing the OPC driver installed with iFIX. To
remove other drivers, simply replace the OPCDrv command with XYZDrv, where XYZ is the three-letter
code for the driver you'd like to remove.
1. From the Windows Start menu, select Run.
2. Enter the following command to de-register the service and click OK:
OPCDrv REGSERVER
3. Enter the following command and click OK:
OPCDrv REGSERVICE
The Logon Account for Running as a Service dialog box appears, and the registration process now
allows the user to specify a logon account. Do NOT select the FixIOUser option. Instead, select one of
the two options below:

- System Account: uses the LocalSystem account to log on the I/O Server.
  NOTE: The local system account cannot be used to access remote OPC servers. If this
  OPC Client accesses remote OPCDrv servers, you must define another account using This
  Account.
- This Account: uses an account specified by the user to log on the I/O Server. The account used
  here must be an existing account with Logon as a Service privileges to run the server as a
  service. Use the Local Security Policy Setting tool to grant the account Logon as a Service
  privilege.

Then, to remove the FIXIOUSER account from Windows, follow steps 4 through 8 below. Note that these
instructions may vary based on the version of Microsoft Windows you are running:
4. From the Windows Start menu, select Run.
5. Enter the following command and click OK:
compmgmt.msc
6. Expand the Local Users and Groups tree and click Users
7. Select the FIXIOUSER account
8. Click Action > Delete in the File menu and click Yes to confirm deletion of the account.
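
The account check described under Affected software and the service reconfiguration in this Workaround can be verified together from a script. The following is an added example, not part of the GE advisory or GE code: it assumes Windows PowerShell 2.0 through 5.1 (where Get-WmiObject is available) run locally on the iFIX server, and the function name Get-FixIOUserAudit is hypothetical. It only reads state: whether the account exists and which services are still set to log on with it.

```powershell
# Added example (not GE code): read-only audit for the FixIOUser account.
# Assumes Windows PowerShell 2.0-5.1 (Get-WmiObject), run on the iFIX server.
function Get-FixIOUserAudit {
    param([string]$Name = 'FixIOUser')   # account name from the advisory

    # Same check as Local Users and Groups > Users, done through WMI.
    $account = Get-WmiObject -Class Win32_UserAccount `
        -Filter "LocalAccount=True AND Name='$Name'"

    # Services still configured to log on as the account (".\FixIOUser" or
    # "HOST\FixIOUser"). These need REGSERVICE re-registration with a
    # different logon account before the account is deleted.
    $services = @(Get-WmiObject -Class Win32_Service | Where-Object {
        $_.StartName -and ($_.StartName -split '\\')[-1] -eq $Name
    })

    New-Object PSObject -Property @{
        AccountExists   = [bool]$account
        AccountDisabled = $(if ($account) { $account.Disabled } else { $null })
        ServicesUsingIt = @($services | ForEach-Object { $_.Name })
    }
}

$audit = Get-FixIOUserAudit
if (-not $audit.AccountExists) {
    'FixIOUser account not found on this host.'
} elseif ($audit.ServicesUsingIt.Count -gt 0) {
    'FixIOUser present and still used by: ' + ($audit.ServicesUsingIt -join ', ')
} else {
    'FixIOUser present; no service logs on with it (see steps 4 through 8).'
}
```

Account and service name comparisons here are case-insensitive, so FIXIOUSER and FixIOUser are treated as the same account.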

Vulnerability information
7.x I/O Drivers for Proficy HMI/SCADA iFIX create a Windows operating system administrator account
named FixIOUser upon installation. The password for the FixIOUser account is hard-coded and weak.

Acknowledgements
This issue was identified by GE Intelligent Platforms during an internal product security review.

Disclaimer
Product advisories provided here are subject to terms and conditions contained in customers'
underlying license agreements or other applicable agreements. Due to ongoing product enhancements,
GE reserves the right to change or update advisories without advance notification.

Change log
Date                 Change(s)
February 19, 2013    Initial release
