45 matches found
CVE-2013-0653
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet...
CVE-2013-2785
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted...
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in its ability to write malicious code into memory beyond the buffer limits. This allows attackers to execute arbitrary code by loading a malicious file.
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious...
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY, related to the transmission of data in an open format, allows attackers to perform spoofing attacks.
The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in the transmission of data in an open manner. Exploiting this vulnerability can allow attackers to carry out spoofing attacks...
Open Proficy HMI-SCADA 5.0.0.25920 - (Password) Denial of Service Exploit
Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Version: 5.0.0.25920 Vulnerabilit...
Open Proficy HMI-SCADA 5.0.0.25920 - Password Denial of Service (PoC)
Open Proficy HMI-SCADA 5.0.0.25920 - Password Denial of Service PoC Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: Ap...
Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)
Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Versio...
Open Proficy HMI-SCADA 5.0.0.25920 Denial Of Service
Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Versio...
The vulnerability of the GE Proficy HMI/SCADA iFIX monitoring tool for technological operations, the client-server application for data processing and control of technological operations (Proficy HMI/SCADA CIMPLICITY), and the Proficy Historian repository lies in the insufficient security of account protection, allowing attackers to obtain user passwords.
The vulnerability of the GE Proficy HMI/SCADA iFIX control system, the client-server application for data processing and control operations, as well as the Proficy HMI/SCADA CIMPLICITY control system and the Proficy Historian repository, is related to insufficiently secure account protection...
GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-05 GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 17, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...
Design/Logic Flaw
General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors...
GE Proficy HMI/SCADA CIMPLICITY 8.2 - Privilege Escalation
Exploit for windows platform in category local exploits / Exploit Title: GE Proficy HMI/SCADA CIMPLICITY 8.2 Local Privilege Escalation Exploit0 day Vulnerability Discovery and Exploit Author: Zhou Yu Email: Version: 8.2 Tested on: Windows 7 SP1 X32 CVE : None Vulnerability Description:...
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability
OVERVIEW Zhou Yu of Acorn Network Security identified an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. GE produc...
CVE-2014-2355
The 1 CimView and 2 CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen aka .CIM file...
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
OVERVIEW This advisory was originally posted to the NCCIC/US-CERT secure Portal library on October 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Said Arfi has identified a memory access violation vulnerability in GE’s CIMPLICITY CimView application. GE has...
GE Proficy HMI/SCADA DNP3 Driver Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 14, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Adam Crain of Automatak has identified an improper input validation in the DNP3 driver provided by Catapult Software...
GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY CimWebServer.exe目录遍历漏洞
CVECAN ID: CVE-2014-0751 GE Proficy CIMPLICITY是客户端/服务器业务可视化和控制解决方案。 GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24之前版本中,CimWebServer.exe(即组件WebView)及Proficy Process Systems在实现上存在目录遍历漏洞,远程攻击者通过向TCP端口10212发送特制的消息,利用此漏洞可执行任意代码。 0 ge-ip Proficy CIMPLICITY 8.2 SIM 24 厂商补丁: ge-ip...
CVE-2014-0751
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could...
Directory traversal
Directory traversal vulnerability in CimWebServer.exe aka the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka...
Directory traversal
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-16...