CVE-2013-0653

Name of the Vulnerable Software and Affected Versions GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.0 Proficy Process Systems with CIMPLICITY (affected versions not specified)

Description The issue allows remote attackers to read arbitrary files via a crafted packet, due to a directory traversal vulnerability in the substitute.bcl component of the WebView CimWeb subsystem.

Recommendations For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.0, update to a version that fixes the directory traversal vulnerability in the substitute.bcl component. For Proficy Process Systems with CIMPLICITY, at the moment, there is no information about a newer version that contains a fix for this vulnerability.