GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 6.0 ATTENTION: Low skill level to exploit Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration,...

CVE-2018-15362

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...

CVE-2018-15362

An XXE (XML External Entity) vulnerability (CWE-611) affects GE Proficy Cimplicity GDS in versions 9.0 R2, 9.5, 10.0. The root cause is improper restriction of XML external entities, enabling an attacker to initiate an OPC UA session and retrieve an arbitrary file. CVSSv3 base score 9.1 (CRITICAL...

CVE-2018-15362

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...

CVE-2018-15362

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...

Design/Logic Flaw

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0...

GE Proficy GDS

1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric GE Equipment: Proficy GDS Vulnerability: XXE 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an...

GE CIMPLICITY Stack Buffer Overflow Vulnerability

GE CIMPLICITY is an HMI software. GE CIMPLICITY suffers from a stack buffer overflow vulnerability that could be exploited by a remote attacker to submit a special request to crash the application or execute arbitrary code...

Stack overflow

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution...

CVE-2017-12732

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution...

CVE-2017-12732

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution...

CVE-2017-12732

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution...

CVE-2017-12732

GE CIMPLICITY (HMI/SCADA) is affected by a Stack-based Buffer Overflow in CIMPLICITY versions 9.0 and prior. A function that reads the next packet length does not verify the length, allowing a buffer overwrite and potential arbitrary remote code execution (and device crash). Impact is described a...

The vulnerability of the GE Proficy HMI/SCADA iFIX monitoring tool for technological operations, the client-server application for data processing and control of technological operations (Proficy HMI/SCADA CIMPLICITY), and the Proficy Historian repository lies in the insufficient security of account protection, allowing attackers to obtain user passwords.

The vulnerability of the GE Proficy HMI/SCADA iFIX control system, the client-server application for data processing and control operations, as well as the Proficy HMI/SCADA CIMPLICITY control system and the Proficy Historian repository, is related to insufficiently secure account protection...

GE CIMPLICITY (Update A)

CVSS v3 6.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow UPDATED INFORMATION This updated advisory is a follow-up to the original advisory titled ICSA-17-278-01 GE CIMPLICITY that was published October 5,...

GE CIMPLICITY

CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: GE Equipment: CIMPLICITY Vulnerability: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of CIMPLICITY, an HMI/SCADA management platform, are affected: CIMPLICITY Versions 9.0 and prior. IMPACT...

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-336-05A GE Proficy HMI/SCADA IFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability that was published January 24, 2017, on the NCCIC/ICS-CERT web site. GE has reported an insufficiently protecte...

CVE-2016-9360

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...

CVE-2016-9360

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...

Session fixation

An issue was discovered in General Electric GE Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has acces...