cbcvebase.
CVE-2014-0751
published 2014-01-25

CVE-2014-0751: The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source…

PriorityP274high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWVulnCheck KEV
Exploited in the wild
EPSS
3.06%
86.0th percentile
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

Affected

8 ranges
VendorProductVersion rangeFixed in
geintelligent_platforms_proficy_hmi_2fscada_cimplicity<= 8.2
geintelligent_platforms_proficy_hmi_scada_cimplicity
geintelligent_platforms_proficy_hmi_scada_cimplicity
geintelligent_platforms_proficy_hmi_scada_cimplicity
geintelligent_platforms_proficy_hmi_scada_cimplicity
geintelligent_platforms_proficy_hmi_scada_cimplicity
geproficy_hmi_scada_cimplicity>= 4.01 < 8.28.2
geproficy_process_systems_with_cimplicity

Detection & IOCsextracted from sources · hover to see the quote

processgefebt.exe
processCimWebServer
  • Monitor for gefebt.exe being accessed or executed from non-standard or remote locations, as exploitation involves loading shell files from attacker-controlled source locations rather than the default local directory.
  • Detect path traversal attempts in HTTP requests directed at CimWebServer, particularly requests that reference shell file locations outside the default local directory.
  • Alert on presence or execution of gefebt.exe accessible from a web client context; GE's own mitigation requires deleting or moving all copies of gefebt.exe accessible from a web client.
  • ·Affected versions span a wide range: Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.2. Detection rules should account for all versions in this range.

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.