An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
2012-07-05T03:23:18.527
2025-04-11T00:51:21.963
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | ge | intelligent_platforms_proficy_batch_execution | 5.6 | Yes |
| Application | ge | intelligent_platforms_proficy_historian | 3.1 | Yes |
| Application | ge | intelligent_platforms_proficy_historian | 3.5 | Yes |
| Application | ge | intelligent_platforms_proficy_historian | 4.0 | Yes |
| Application | ge | intelligent_platforms_proficy_historian | 4.5 | Yes |
| Application | ge | intelligent_platforms_proficy_hmi\/scada_ifix | 5.0 | Yes |
| Application | ge | intelligent_platforms_proficy_hmi\/scada_ifix | 5.1 | Yes |
| Application | ge | intelligent_platforms_proficy_pulse | 1.0 | Yes |
| Application | ge | intelligent_platforms_si7_i\/o_driver | 7.20 | Yes |
| Application | ge | intelligent_platforms_si7_i\/o_driver | 7.42 | Yes |