CVE-2013-2785

Name of the Vulnerable Software and Affected Versions GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.0 SIM 27 GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 8.1 prior to SIM 25 GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 8.2 prior to SIM 19 Proficy Process Systems with CIMPLICITY (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212. This is due to multiple buffer overflows in CimWebServer.exe in the WebView component.

Recommendations For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.0 SIM 27, update to version 8.0 SIM 27 or later. For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 8.1 prior to SIM 25, update to version 8.1 SIM 25 or later. For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions 8.2 prior to SIM 19, update to version 8.2 SIM 19 or later. For Proficy Process Systems with CIMPLICITY, at the moment, there is no information about a newer version that contains a fix for this vulnerability.