Ge Intelligent Platforms Proficy Hmi Scada Cimplicity vulnerabilities
10 known vulnerabilities affecting ge/intelligent_platforms_proficy_hmi_scada_cimplicity.
Total CVEs
10
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH3MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2014-0751P2HIGHCVSS 7.5Exploitedv4.01v7.5+3 more2014-01-25
CVE-2014-0751 [HIGH] CWE-22 CVE-2014-0751: The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files
The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.
nvd
CVE-2014-0750P2HIGHCVSS 7.5PoCv4.01v7.5+3 more2014-01-25
CVE-2014-0750 [HIGH] CWE-22 CVE-2014-0750: Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent P
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
nvd
CVE-2013-0653P3MEDIUMCVSS 4.3PoCv4.01v7.5+1 more2013-01-27
CVE-2013-0653 [MEDIUM] CWE-22 CVE-2013-0653: Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligen
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
nvd
CVE-2013-2785P3CRITICALCVSS 9.3v8.0v8.1+1 more2013-07-31
CVE-2013-2785 [CRITICAL] CWE-119 CVE-2013-2785: Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms P
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 an
nvd
CVE-2013-0654P3CRITICALCVSS 9.3v4.01v7.5+1 more2013-01-27
CVE-2013-0654 [CRITICAL] CWE-20 CVE-2013-0654: CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Profic
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
nvd
CVE-2017-12732P4MEDIUMCVSS 6.8≤ 9.02017-10-05
CVE-2017-12732 [MEDIUM] CWE-121 CVE-2017-12732: A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A functi
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
nvd
CVE-2013-2811P4HIGHCVSS 7.1v4.01v7.5+3 more2013-11-22
CVE-2013-2811 [HIGH] CWE-20 CVE-2013-2811: The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
nvd
CVE-2014-2355P4MEDIUMCVSS 6.9≤ 8.22015-01-17
CVE-2014-2355 [MEDIUM] CWE-119 CVE-2014-2355: The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
nvd
CVE-2012-4689P4MEDIUMCVSS 4.3v4.01v7.5+1 more2013-01-17
CVE-2012-4689 [MEDIUM] CWE-189 CVE-2012-4689: Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
nvd
CVE-2013-2823P4MEDIUMCVSS 4.7v4.01v7.5+3 more2013-11-22
CVE-2013-2823 [MEDIUM] CWE-20 CVE-2013-2823: The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input ove
nvd