CVE-2016-9360

The CVE-2016-9360 issue affects GE Proficy HMI/SCADA iFIX (Version 5.8 SIM 13 and earlier), CIMPLICITY (Version 9.0 and earlier), and Historian (Version 6.0 and earlier). Root cause: Insufficiently protected credentials enabling password retrieval when an attacker has access to an authenticated s...

CVE-2016-9360

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...

Local Information Disclosure Vulnerability in Multiple GE Products

GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric GE. The solution is capable of capturing and sharing real-time and historical data across all levels of the enterprise, enabling operational visualization of processes, equipment, and resource...

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability

OVERVIEW This advisory was originally posted to the NCCIC Portal on December 1, 2016, and is being released to the ICS-CERT web site. GE has reported an insufficiently protected credentials vulnerability in Proficy Human-Machine Interface/Supervisory Control and Data Acquisition HMI/SCADA iFIX,...

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-16-336-05 GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 17, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...

CVE-2016-5787

General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors...

CVE-2016-5787

General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors...

Design/Logic Flaw

General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors...

CVE-2016-5787

CVE-2016-5787 affects GE Digital Proficy HMI/SCADA CIMPLICITY, prior to version 8.2 SIM 27. The root cause is improper handling of service DACLs, allowing a local user to modify the CIMPLICITY service configuration via unspecified vectors, enabling privilege elevation by tampering with the servic...

GE Proficy HMI/SCADA CIMPLICITY 8.2 local mention the right vulnerability

No description provided by source...

GE Proficy HMISCADA CIMPLICITY 8.2 - Local Privilege Escalation

GE Proficy HMISCADA CIMPLICITY 8.2 - Local Privilege Escalation / Exploit Title: GE Proficy HMI/SCADA CIMPLICITY 8.2 Local Privilege Escalation Exploit0 day Vulnerability Discovery and Exploit Author: Zhou Yu Email: Version: 8.2 Tested on: Windows 7 SP1 X32 CVE : None Vulnerability Description:...

GE Proficy HMI/SCADA CIMPLICITY 8.2 - Privilege Escalation

Exploit for windows platform in category local exploits / Exploit Title: GE Proficy HMI/SCADA CIMPLICITY 8.2 Local Privilege Escalation Exploit0 day Vulnerability Discovery and Exploit Author: Zhou Yu Email: Version: 8.2 Tested on: Windows 7 SP1 X32 CVE : None Vulnerability Description:...

GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability

OVERVIEW Zhou Yu of Acorn Network Security identified an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. GE produc...

Multiple Local Buffer Overflow Vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY

GE Intelligent Platforms' Proficy HMI/SCADA-iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring of manufacturing operations. Multiple local buffer overflow vulnerabilities exist in GE Proficy...

Code injection

The 1 CimView and 2 CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen aka .CIM file...

CVE-2014-2355

The 1 CimView and 2 CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen aka .CIM file...

CVE-2014-2355 GE Proficy HMI/SCADA CIMPLICITY CimView

The 1 CimView and 2 CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen aka .CIM file...

CVE-2014-2355

The CVE-2014-2355 vulnerability affects GE Proficy HMI/SCADA–CIMPLICITY CimView and CimEdit components (versions 8.2 and earlier). The issue is a memory access violation when processing CIMPLICITY screen files (.CIM), potentially enabling privilege escalation within the application. Publicly disc...

GE Proficy Vulnerabilities

OVERVIEW Researchers amisto0x07 and Z0mb1E of Zero Day Initiative ZDI have identified two vulnerabilities in the General Electric GE Proficy human-machine interface/supervisory control and data acquisition HMI/SCADA - CIMPLICITY application. GE has released security advisories, GEIP13-05 and...

GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation

OVERVIEW This advisory was originally posted to the NCCIC/US-CERT secure Portal library on October 16, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Said Arfi has identified a memory access violation vulnerability in GE’s CIMPLICITY CimView application. GE has...