Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2016-5787
HistoryJul 15, 2016 - 4:59 p.m.

CVE-2016-5787

2016-07-1516:59:11
CWE-668
[email protected]
web.nvd.nist.gov
22
ge
digital proficy
hmi
scada
cimplicity
dacls
service configuration
vulnerability
cve-2016-5787

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

Affected configurations

NVD
Node
gecimplicityRange<8.2
OR
gecimplicityMatch8.2sim1
OR
gecimplicityMatch8.2sim10
OR
gecimplicityMatch8.2sim11
OR
gecimplicityMatch8.2sim12
OR
gecimplicityMatch8.2sim13
OR
gecimplicityMatch8.2sim14
OR
gecimplicityMatch8.2sim15
OR
gecimplicityMatch8.2sim16
OR
gecimplicityMatch8.2sim17
OR
gecimplicityMatch8.2sim18
OR
gecimplicityMatch8.2sim19
OR
gecimplicityMatch8.2sim2
OR
gecimplicityMatch8.2sim20
OR
gecimplicityMatch8.2sim21
OR
gecimplicityMatch8.2sim22
OR
gecimplicityMatch8.2sim23
OR
gecimplicityMatch8.2sim24
OR
gecimplicityMatch8.2sim25
OR
gecimplicityMatch8.2sim26
OR
gecimplicityMatch8.2sim3
OR
gecimplicityMatch8.2sim4
OR
gecimplicityMatch8.2sim5
OR
gecimplicityMatch8.2sim6
OR
gecimplicityMatch8.2sim7
OR
gecimplicityMatch8.2sim8
OR
gecimplicityMatch8.2sim9
CPENameOperatorVersion
ge:cimplicityge cimplicitylt8.2

Related

prion 1
nvd 1
ics 1
cvelist 1
prion
prion
Design/Logic Flaw
2016-07-15 16:59:00
nvd
nvd
CVE-2016-5787
2016-07-15 16:59:11
ics
ics
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability
2018-08-23 12:00:00
cvelist
cvelist
CVE-2016-5787
2016-07-15 16:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for CVE-2016-5787
prion1nvd1ics1cvelist1