Ge Proficy Hmi Scada Cimplicity vulnerabilities
3 known vulnerabilities affecting ge/proficy_hmi_scada_cimplicity.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2014-0751P2HIGHCVSS 7.5Exploited≥ 4.01, < 8.22014-01-25
CVE-2014-0751 [HIGH] CWE-22 CVE-2014-0751: The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files
The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.
nvd
CVE-2014-0750P2HIGHCVSS 7.5PoC≥ 4.01, < 8.22014-01-25
CVE-2014-0750 [HIGH] CWE-22 CVE-2014-0750: Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent P
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
nvd
CVE-2014-2355P4MEDIUMCVSS 6.9≤ 8.22015-01-17
CVE-2014-2355 [MEDIUM] CWE-119 CVE-2014-2355: The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
nvd