Summary
GE Intelligent Platforms Proficy CIMPLICITY is prone to multiple vulnerabilities.
Impact
If the vulnerabilities are exploited, they could allow an unauthenticated remote attacker to cause the CIMPLICITY built-in Web server to crash or to run arbitrary commands on a server running the affected software, or could potentially allow an attacker to take control of the CIMPLICITY server.
Solution
Updates are available.
Insight
General Electric (GE) has addressed two vulnerabilities in GE Intelligent Platforms Proficy HMI/SCADA-CIMPLICITY: a directory traversal vulnerability and an improper input validation vulnerability.
GE has released two security advisories (GEIP12-13 and GEIP12-19) available on the GE Intelligent Platforms support Web site to inform customers about these vulnerabilities.
Affected
GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY
Detection
The check sends a maliciously crafted HTTP request that attempts to read a local file.
References
Severity
Classification
CVE: CVE-2013-0653, CVE-2013-0654
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C