PT-2014-3814 · Ge Intelligent Platforms · Proficy Process Systems+1

Published

2014-01-25

Updated

2014-02-21

CVE-2014-0751

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.2 SIM 24 Proficy Process Systems with CIMPLICITY versions prior to 8.2 SIM 24

Description The issue allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212. This is related to a directory traversal vulnerability in the CimWebServer.exe component, also known as the WebView component.

Recommendations For GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY versions prior to 8.2 SIM 24, update to version 8.2 SIM 24 or later. For Proficy Process Systems with CIMPLICITY versions prior to 8.2 SIM 24, update to version 8.2 SIM 24 or later.

Fix

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2014-0751

ZDI-14-016

Affected Products

Proficy Hmi/Scada - Cimplicity

Proficy Process Systems

PT-2014-3814 · Ge Intelligent Platforms · Proficy Process Systems+1

CVE-2014-0751

Weakness Enumeration

Related Identifiers

Affected Products

References · 9