PT-2014-3814 · Ge Intelligent Platforms · Proficy Process Systems+1

Publicado

2014-01-25

Atualizado

2014-02-21

CVE-2014-0751

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.2 SIM 24 Proficy Process Systems with CIMPLICITY versions prior to 8.2 SIM 24

Description The issue allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212. This is related to a directory traversal vulnerability in the CimWebServer.exe component, also known as the WebView component.

Recommendations For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.2 SIM 24, update to version 8.2 SIM 24 or later. For Proficy Process Systems with CIMPLICITY versions prior to 8.2 SIM 24, update to version 8.2 SIM 24 or later.

Correção

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2014-0751

ZDI-14-016

Produtos afetados

Proficy Hmi/Scada - Cimplicity

Proficy Process Systems

PT-2014-3814 · Ge Intelligent Platforms · Proficy Process Systems+1

CVE-2014-0751

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9