27 matches found
EUVD-2018-7240
Malware in sbrugna...
EUVD-2014-0782
Malware in sbrugna...
GE Proficy Cimplicity 7.5 Directory Traversal
GE Proficy Cimplicity version 7.5 proof of concept directory traversal vulnerability that takes advantage of a flaw discovered in 2013. ============================================================================================================================================= | Title : GE Profic...
GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule 'GE Proficy Cimplicity WebView substitute.bcl Directory Traversal', 'Description' = %q This module abuses a directory traversal in G...
CVE-2022-21798 ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system...
CVE-2022-23921 ICSA-22-053-01 GE Proficy CIMPLICITY-IPM
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and t...
CVE-2022-23921 ICSA-22-053-01 GE Proficy CIMPLICITY-IPM
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and t...
GE Proficy CIMPLICITY-IPM
1. EXECUTIVE SUMMARY CVSS v3 7.5 Vendor: GE Equipment: Proficy CIMPLICITY Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve both code execution and local privilege escalation. 3. TECHNICAL DETAILS 3.1...
General Electric Proficy Cimplicity 安全漏洞
General Electric Proficy Cimplicity Ge Proficy Cimplicity is a client/server based Hmi/Scada solution from General Electric, USA. It is used to collect and share real-time and historical data at all business levels and provide actionable visibility to monitor and control plant processes, equipmen...
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY, due to lack of access control mechanisms, allows attackers to execute arbitrary code or escalate their privileges.
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary code or enhance their privileges...
CVE-2018-15362
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...
CVE-2018-15362
An XXE (XML External Entity) vulnerability (CWE-611) affects GE Proficy Cimplicity GDS in versions 9.0 R2, 9.5, 10.0. The root cause is improper restriction of XML external entities, enabling an attacker to initiate an OPC UA session and retrieve an arbitrary file. CVSSv3 base score 9.1 (CRITICAL...
CVE-2018-15362
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...
CVE-2018-15362
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...
The vulnerability of the GE Proficy HMI/SCADA iFIX monitoring tool for technological operations, the client-server application for data processing and control of technological operations (Proficy HMI/SCADA CIMPLICITY), and the Proficy Historian repository lies in the insufficient security of account protection, allowing attackers to obtain user passwords.
The vulnerability of the GE Proficy HMI/SCADA iFIX control system, the client-server application for data processing and control operations, as well as the Proficy HMI/SCADA CIMPLICITY control system and the Proficy Historian repository, is related to insufficiently secure account protection...
GE Proficy HMISCADA CIMPLICITY 8.2 - Local Privilege Escalation
GE Proficy HMISCADA CIMPLICITY 8.2 - Local Privilege Escalation / Exploit Title: GE Proficy HMI/SCADA CIMPLICITY 8.2 Local Privilege Escalation Exploit0 day Vulnerability Discovery and Exploit Author: Zhou Yu Email: Version: 8.2 Tested on: Windows 7 SP1 X32 CVE : None Vulnerability Description:...
Multiple Local Buffer Overflow Vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY
GE Intelligent Platforms' Proficy HMI/SCADA-iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring of manufacturing operations. Multiple local buffer overflow vulnerabilities exist in GE Proficy...
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Auxiliary::Report include Msf::Exploit::E...
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE...
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'GE Proficy CIMPLICITY gefebt.exe Remote Code Execution', 'Description' = %q This module abuses the gefebt.exe component in GE Proficy...