GE Proficy KeyHelp ActiveX Control Vulnerability

September 6, 2012

GE Intelligent Platforms' industrial software provides a range of functionality, including a SCADA engine, a distributed networking model, real-time information collection and analysis, a graphical application development environment, and batch automation.

Upon installation of the following software:

  • GE Proficy Historian
  • GE Proficy Pulse
  • GE Proficy Batch Execution
  • GE Proficy I/O Drivers

an ActiveX control named KeyHelp.ocx is also deployed. This third-party control provides HTML Help functionality.

A remote code execution vulnerability exists in GE Proficy products. The vulnerability is due to exposure of an unsafe method in the KeyHelp.ocx ActiveX control. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted webpage using Internet Explorer. Successful exploitation could lead to arbitrary code execution in the security context of the logged-in user. Failed attacks could lead to termination of the browser.

The vulnerability has been assigned CVE-2012-2516.

SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 8582 GE Proficy KeyHelp ActiveX Instantiation
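
A host-side check to complement the network signature, as an added example that is not part of the original advisory or any vendor tooling: the read-only PowerShell script below finds every COM registration whose server is KeyHelp.ocx and reports whether Internet Explorer's kill bit (the 0x400 bit of the "Compatibility Flags" value, a general IE mechanism the advisory does not mention) is set for it. The advisory does not give the control's CLSID, so the script discovers it from the registry; the function name and output fields are illustrative.

```powershell
# Added example: list registered copies of KeyHelp.ocx and report whether
# Internet Explorer's kill bit is set for each CLSID. Read-only; run from an
# elevated 64-bit PowerShell session so both registry views are visible.
$KillBit  = 0x400          # bit in "Compatibility Flags" that blocks loading in IE
$FileName = 'KeyHelp.ocx'  # control file name taken from the advisory

# A 32-bit control on 64-bit Windows registers under WOW6432Node and is
# loaded by 32-bit Internet Explorer, so both views are checked.
$Views = @(
    @{ Name = 'native'; Root = 'HKLM:\SOFTWARE' },
    @{ Name = 'wow64';  Root = 'HKLM:\SOFTWARE\WOW6432Node' }
)

function Get-KeyHelpKillBitStatus {
    foreach ($view in $Views) {
        $clsidRoot  = Join-Path $view.Root 'Classes\CLSID'
        $compatRoot = Join-Path $view.Root 'Microsoft\Internet Explorer\ActiveX Compatibility'
        if (-not (Test-Path -LiteralPath $clsidRoot)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
            # The default value of InprocServer32 is the path of the control's binary.
            try { $sub = $key.OpenSubKey('InprocServer32') } catch { continue }
            if ($null -eq $sub) { continue }
            $server = [string]$sub.GetValue('')
            $sub.Close()
            if ($server -notlike "*$FileName*") { continue }

            # The kill bit lives under a key named after the CLSID, braces included.
            $clsid = $key.PSChildName
            $entry = Get-ItemProperty -LiteralPath (Join-Path $compatRoot $clsid) -ErrorAction SilentlyContinue
            $flags = if ($entry) { $entry.'Compatibility Flags' } else { $null }

            [pscustomobject]@{
                View       = $view.Name
                Clsid      = $clsid
                Server     = $server
                Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
                KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

Get-KeyHelpKillBitStatus | Format-Table -AutoSize
```

A row with KillBitSet equal to False means Internet Explorer on that host can still instantiate the control from a web page; no output means no registration of KeyHelp.ocx was found in the machine-wide hive.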