Catapult Software DNP3 Driver Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on October 24, 2013, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in Catapult Software’s DN...

GE Proficy CIMPLICITY CimWebServer Broadcase/Init Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient bounds checking...

GE Proficy CIMPLICITY CimWebServer Password Decode Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient bounds checking...

GE Cimplicity HMI/SCADA Server Detection

Binary data 6749.prm...

GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT-Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...

Design/Logic Flaw

CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service daemon crash via a crafted packet...

Directory traversal

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet...

CVE-2013-0653

CVE-2013-0653 is a directory traversal vulnerability in GE Intelligent Platforms Proficy CIMPLICITY’s WebView CimWeb substitute.bcl component (versions 4.01–8.0; also affects Proficy Process Systems with CIMPLICITY). The flaw allows remote attackers to read arbitrary files by sending a crafted pa...

EUVD-2013-0664

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet...

CVE-2013-0654

CVE-2013-0654 affects GE Intelligent Platforms Proficy HMI/SCADA—CIMPLICITY (Proficy CIMPLICITY 4.01–8.0 and related CIMPLICITY Process Systems). The CimWebServer component (WebView CimWeb) mishandles input; an attacker sending a crafted packet to port 80/TCP could trigger directory traversal or ...

Integer overflow

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service daemon crash via a malformed HTTP request...

CVE-2012-4689

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service daemon crash via a malformed HTTP request...

CVE-2012-4689

Ge GE Intelligent Platforms Proficy CIMPLICITY CIMPLICITY CIMPLICITY CIMPLICITY built-in Web server CimWebServer.exe is affected by a remote denial-of-service due to an integer overflow when processing malformed HTTP requests. Affected products include CIMPLICITY versions 4.01 through 8.0 and Pro...

GE Proficy HMI/SCADA Cimplicity Integer Overflow

OVERVIEW This updated advisory is a follow-up to the original ICS-CERT Advisory titled ICSA-12-341-01P—GE PROFICY HMI/SCADA CIMPLICITY INTEGER OVERFLOW that was published December 06, 2012, to the US-CERT secure Portal library. Researcher Kuang-Chun Hung of Information and Communication Security...

GE Intelligent Platforms Proficy Historian Data Archiver Buffer Overflow Vulnerability

Overview ICS-CERT originally released Advisory ICSA-11-243-03P on the US-CERT secure Portal on August 31, 2011. This web page release was delayed to allow users time to download and install the update. ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative concerning...

Heap overflow

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 0107081625176106, allow remote attackers to execute arbitrary code via unknown vectors...

CVE-2008-0176

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 0107081625176106, allow remote attackers to execute arbitrary code via unknown vectors...

CVE-2008-0176

GE Fanuc CIMPLICITY HMI contains a heap-based buffer overflow in w32rtr.exe that can be exploited remotely (network port 32000/tcp) to execute arbitrary code. Affected: CIMPLICITY HMI 6.1 (including SP6 hotfix 010708_162517_6106) and CIMPLICITY 7.0 up to SIM 9; older versions may also be vulnerab...

CVE-2008-0176

Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 0107081625176106, allow remote attackers to execute arbitrary code via unknown vectors...

C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow

Background ----------------- Vendor product information: CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for t...