PT-2015-3317 · General Electric · Proficy Hmi/Scada - Cimplicity+2
Ilya Karpov · Published 2015-08-05 · Updated 2022-02-03
CVE-2016-9360
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
General Electric (GE) Proficy HMI/SCADA iFIX versions 5.8 SIM 13 and prior
General Electric (GE) Proficy HMI/SCADA CIMPLICITY versions 9.0 and prior
General Electric (GE) Proficy Historian versions 6.0 and prior
Description
The issue allows an attacker to retrieve user passwords if they have access to an authenticated session. This is due to insufficient protection of user accounts. An attacker with local access may exploit this to learn user passwords.
Recommendations
For General Electric (GE) Proficy HMI/SCADA iFIX versions 5.8 SIM 13 and prior, update to a version later than 5.8 SIM 13 to resolve the issue.
For General Electric (GE) Proficy HMI/SCADA CIMPLICITY versions 9.0 and prior, update to a version later than 9.0 to resolve the issue.
For General Electric (GE) Proficy Historian versions 6.0 and prior, update to a version later than 6.0 to resolve the issue.
As a temporary workaround, consider restricting access to authenticated sessions to minimize the risk of exploitation.
Fix
Insufficiently Protected Credentials
Information Disclosure
Related identifiers
Affected products
Proficy Hmi/Scada - Cimplicity
Proficy Hmi/Scada Ifix
Proficy Historian