GeCimplicity

12 matches found

CVE
added 2022/02/25 6:10 p.m., 152 views

CVE-2022-21798

CVE-2022-21798 affects GE Proficy CIMPLICITY (CIMPLICITY HMI/SCADA). The vulnerability is “cleartext transmission of credentials” inside the CIMPLICITY network, which can be spoofed to log in and make operational changes. CVSSv3.1 base score 9.8 (CRITICAL) with network access, low attack complexi...

9.8 CVSS | 8.7 AI score | 0.00589 EPSS

CVE
added 2023/09/05 10:55 p.m., 73 views

CVE-2023-4487

CVE-2023-4487 affects GE Digital CIMPLICITY 2023. A process-control vulnerability could allow a local attacker to insert malicious configuration files into the web server execution path, escalating privileges and gaining full control of the HMI software. Affected product: CIMPLICITY 2023. Impact:...

7.8 CVSS | 7.8 AI score | 0.00183 EPSS

CVE
added 2017/02/13 9:0 p.m., 67 views

CVE-2016-9360

The CVE-2016-9360 issue affects GE Proficy HMI/SCADA iFIX (Version 5.8 SIM 13 and earlier), CIMPLICITY (Version 9.0 and earlier), and Historian (Version 6.0 and earlier). Root cause: Insufficiently protected credentials enabling password retrieval when an attacker has access to an authenticated s...

6.7 CVSS | 6.3 AI score | 0.00369 EPSS

CVE
added 2022/12/07 11:0 p.m., 63 views

CVE-2022-3084

GE CIMPLICITY is affected (versions 2022 and prior) by CVE-2022-3084 due to an uninitialized pointer condition where data from a faulting address can control code flow, starting at gmmiObj!CGmmiRootOptionTable, enabling arbitrary code execution. The issue is documented across multiple sources (NV...

7.8 CVSS | 7.8 AI score | 0.00232 EPSS

CVE
added 2023/07/19 1:40 p.m., 63 views

CVE-2023-3463

GE Digital CIMPLICITY is affected by a heap-based buffer overflow due to memory corruption from insufficient input validation. All CIMPLICITY versions are implicated when documents from untrusted sources are accepted, allowing issues such as out-of-bounds reads/writes, use-after-free, and buffer ...

9.8 CVSS | 8.5 AI score | 0.00382 EPSS

CVE
added 2022/12/07 10:56 p.m., 60 views

CVE-2022-2002

CVE-2022-2002 affects GE CIMPLICITY (versions 2022 and prior). The issue is an untrusted pointer dereference in gmmiObj!CGmmiOptionContainer that could allow arbitrary code execution. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack vector and user interaction required. Public exploitati...

7.8 CVSS | 7.9 AI score | 0.00296 EPSS

CVE
added 2022/12/07 11:1 p.m., 57 views

CVE-2022-3092

GE CIMPLICITY HMI/SCADA software (CIMPLICITY) versions 2022 and prior are affected by CVE-2022-3092 due to an out-of-bounds write (CWE-787) that could allow arbitrary code execution. The vulnerability is local (AV:L, UI:R) with high impact to confidentiality, integrity and availability (CVSS v3 b...

7.8 CVSS | 7.9 AI score | 0.00227 EPSS

CVE
added 2022/12/07 10:59 p.m., 55 views

CVE-2022-2952

CVE-2022-2952 affects GE CIMPLICITY (versions 2022 and prior). The vulnerability occurs when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, potentially allowing arbitrary code execution. Impact is high (C:H/I:H/A:H) with CVSS v3.1 base score 7.8, attack ...

7.8 CVSS | 7.8 AI score | 0.00232 EPSS

CVE
added 2022/12/07 10:58 p.m., 51 views

CVE-2022-2948

CVE-2022-2948 affects GE CIMPLICITY HMI/SCADA software versions 2022 and earlier. The vulnerability is a heap-based buffer overflow in CIMPLICITY (CVE-2022-2948) that could allow an attacker to execute arbitrary code. Reported impact aligns with a HIGH severity (CVSS v3.1: 7.8) with local attack ...

7.8 CVSS | 7.9 AI score | 0.00236 EPSS

CVE
added 2016/07/15 4:0 p.m., 45 views

CVE-2016-5787

CVE-2016-5787 affects GE Digital Proficy HMI/SCADA CIMPLICITY, prior to version 8.2 SIM 27. The root cause is improper handling of service DACLs, allowing a local user to modify the CIMPLICITY service configuration via unspecified vectors, enabling privilege elevation by tampering with the servic...

6.3 CVSS | 6 AI score | 0.00394 EPSS

CVE
added 2020/04/15 4:39 p.m., 45 views

CVE-2020-6992

GE Digital CIMPLICITY HMI/SCADA vulnerability CVE-2020-6992 affects CIMPLICITY v10.0 and earlier. It is a local privilege escalation (CWE-269) that requires an authenticated session to modify the system and arbitrarily execute code. Affected component: CIMPLICITY HMI/SCADA software; root cause is...

6.7 CVSS | 6.7 AI score | 0.00376 EPSS

CVE
added 2018/12/07 4:0 p.m., 41 views

CVE-2018-15362

An XXE (XML External Entity) vulnerability (CWE-611) affects GE Proficy Cimplicity GDS in versions 9.0 R2, 9.5, 10.0. The root cause is improper restriction of XML external entities, enabling an attacker to initiate an OPC UA session and retrieve an arbitrary file. CVSSv3 base score 9.1 (CRITICAL...

9.1 CVSS | 9.1 AI score | 0.02691 EPSS