CVE-2013-2785
Published: 2013-07-31
Priority P354 · critical · 9.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 3.77% (88.6th percentile)
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | — | — |
GHSA
GHSA-rrxc-8qxg-r958: Multiple buffer overflows in CimWebServer
ghsa_unreviewed·2022-05-17
CVE-2013-2785 [HIGH] CWE-119 GHSA-rrxc-8qxg-r958: Multiple buffer overflows in CimWebServer
CISA ICS
GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation
cisa_ics·2013-08-01
ICS Advisory
Last Revised: August 01, 2013
Alert Code: ICSA-13-170-01
## OVERVIEW
This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT Web page.
Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application. GE has produced an update that mitigates this vulnerability.
GE has released a security advisory (GEIP13-03) available on the GE Intelligent Platforms support Web