PT-2016-6679 · General Electric (Ge) Digital Proficy Hmi/Scada · Cimplicity

Zhou Yu

·

Published

2016-07-15

·

Updated

2022-02-03

·

CVE-2016-5787

CVSS v3.1

6.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY versions prior to 8.2 SIM 27
Description The issue is related to the mishandling of service DACLs, which allows local users to modify a service configuration. This can be achieved via unspecified vectors.
Recommendations For versions prior to 8.2 SIM 27, update to version 8.2 SIM 27 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

CVE-2016-5787

Affected Products

Cimplicity