CVE-2012-2516 Information

Description

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component) as used in GE Intelligent Platforms Proficy Historian 3.1 3.5 4.0 and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products allows remote attackers to execute arbitrary commands via crafted input related to a \command injection vulnerability.\

Reference

http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-0420Security20Advisory20-20Proficy20HTML20Help.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf