Published: 25/01/2014 Updated: 21/02/2014

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY prior to 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote malicious users to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ge intelligent platforms proficy hmi\\/scada cimplicity 8.0
ge intelligent platforms proficy hmi\\/scada cimplicity 7.5
ge intelligent platforms proficy hmi\\/scada cimplicity 4.01
ge intelligent platforms proficy hmi\\%2fscada cimplicity
ge intelligent platforms proficy hmi\\/scada cimplicity 8.2
ge intelligent platforms proficy hmi\\/scada cimplicity 8.1
ge intelligent platforms proficy process systems with cimplicity -

BlackEnergy crimeware coursing through US control systems

The Register • Darren Pauli • 29 Oct 2014

US CERT says three flavours of control kit are under attack

Industrial control systems in the United States have been compromised by the BlackEnergy malware toolkit for at least three years in a campaign the US Computer Emergency Response Team has dubbed "ongoing" and sophisticated. Attackers had compromised unnamed industrial control system operators and implanted BlackEnergy on internet-facing human-machine interfaces including those from GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC. The latter system was often used by large plant ope...

CVE-2014-0751

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect