CVE-2014-2355
published 2015-01-17CVE-2014-2355: The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted…
PriorityP423medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.65%
46.3th percentile
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | intelligent_platforms_proficy_hmi_scada_cimplicity | <= 8.2 | — |
| ge | proficy_hmi_scada_cimplicity | <= 8.2 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rhgq-mf3j-hc7r: The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8
ghsa_unreviewed·2022-05-17
CVE-2014-2355 [MEDIUM] CWE-119 GHSA-rhgq-mf3j-hc7r: The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
CISA ICS
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
cisa_ics·2018-08-29
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
Last RevisedAugust 29, 2018
Alert CodeICSA-14-289-02
## OVERVIEW
This advisory was originally posted to the NCCIC/US-CERT secure Portal library on October 16, 2014, and is being released to the NCCIC/ICS-CERT web site.
Independent researcher Said Arfi has identified a memory access violation vulnerability in GE’s CIMPLICITY CimView application. GE has produced an update that mitigates this vulnerability.
## AFFECTED PRODUCTS
The following GE product is affected:
- Proficy HMI/SCADA–CIMPLICITY, Version 8.2 and pr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-01-17
Published