PT-2013-1694 · GE Intelligent Platforms · Proficy Process Systems
Published: 2013-01-17 · Updated: 2013-01-29 · CVE-2012-4689
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.0
Proficy Process Systems with CIMPLICITY versions 4.01 through 8.0
Description
An integer overflow in CimWebServer.exe can be exploited by remote attackers through a malformed HTTP request, leading to a denial of service (daemon crash).
Recommendations
For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.0, consider restricting access to CimWebServer.exe until a fix is available.
For Proficy Process Systems with CIMPLICITY versions 4.01 through 8.0, avoid using the vulnerable CimWebServer.exe functionality until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Affected Products
Proficy HMI/SCADA - CIMPLICITY
Proficy Process Systems