CVE-2013-0654

2022-10-0316:15:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-0654

proficy

hmi

scada

cimplicity

remote code execution

vulnerability

nvd

7.8 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.002 Low

EPSS

Percentile

64.8%

JSON

CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.

Affected configurations

NVD

Node

geintelligent_platforms_proficy_hmi\/scada_cimplicityMatch4.01

geintelligent_platforms_proficy_hmi\/scada_cimplicityMatch7.5

geintelligent_platforms_proficy_hmi\/scada_cimplicityMatch8.0

Node

geintelligent_platforms_proficy_process_systems_with_cimplicityMatch-

AND

geintelligent_platforms_proficy_process_systemsMatch-

CPENameOperatorVersion
ge:intelligent_platforms_proficy_hmi\/scada_cimplicityge intelligent platforms proficy hmi/scada cimplicityeq4.01
ge:intelligent_platforms_proficy_hmi\/scada_cimplicityge intelligent platforms proficy hmi/scada cimplicityeq7.5
ge:intelligent_platforms_proficy_hmi\/scada_cimplicityge intelligent platforms proficy hmi/scada cimplicityeq8.0

CPE	Name	Operator	Version
ge:intelligent_platforms_proficy_hmi\/scada_cimplicity	ge intelligent platforms proficy hmi/scada cimplicity	eq	4.01
ge:intelligent_platforms_proficy_hmi\/scada_cimplicity	ge intelligent platforms proficy hmi/scada cimplicity	eq	7.5
ge:intelligent_platforms_proficy_hmi\/scada_cimplicity	ge intelligent platforms proficy hmi/scada cimplicity	eq	8.0