fkie_cve-2014-0751
Vulnerability from fkie_nvd
Published
2014-01-25 22:55
Modified
2025-08-22 23:15
Severity ?
Summary
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.
References
ics-cert@hq.dhs.govhttp://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/65124
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
af854a3a-2127-422b-91ae-364da2661108http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
af854a3a-2127-422b-91ae-364da2661108http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65117
Impacted products
Vendor Product Version
ge intelligent_platforms_proficy_hmi\%2fscada_cimplicity *
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.1
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.2
ge intelligent_platforms_proficy_process_systems_with_cimplicity -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\%2fscada_cimplicity:*:sim24:*:*:*:*:*:*",
              "matchCriteriaId": "4C5EDB9D-01CD-4843-86CD-C834B726ACF1",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9711EA-2C95-41FA-8827-01FCB0ED4B06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CIMPLICITY Web-based access component, CimWebServer, does not check \nthe location of shell files being loaded into the system. By modifying \nthe source location, an attacker could send shell code to the \nCimWebServer which would deploy the nefarious files as part of any SCADA\n project. This could allow the attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en CimWebServer.exe (tambi\u00e9n conocido como el componente WebView) en GE Intelligent Platforms Proficy HMI / SCADA - CIMPLICITY anterior a  8.2 SIM  24 y Proficy Process con CIMPLICITY, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje manipulado a puerto TCP 10212  , tambi\u00e9n conocido como ZDI-CAN-1623."
    }
  ],
  "id": "CVE-2014-0751",
  "lastModified": "2025-08-22T23:15:30.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-25T22:55:04.583",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15939"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/65124"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65117"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.