Published: 13/02/2017 Updated: 03/02/2022

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 6.7 | Impact Score: 5.3 | Exploitability Score: 0.8

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

An issue exists in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ge cimplicity
ge historian
ge ifix

General Electric plays down industrial control plant vulnerabilities

The Register • John Leyden • 20 Jan 2017

Only a local hacker in a facility would be able to run an attack

General Electric (GE) has pushed out an update to its industrial control systems following the discovery of vulnerabilities that create a way for hackers to steal SCADA system passwords. Potential exploits based on the vulnerabilities could be abused to cause process flow disruptions in power stations, utility providers and factories, according to Positive Technologies, the security firm that discovered the flaws. A spokeswoman for GE Digital played down the vulnerabilities, which she said can't...

CVE-2016-9360

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect