var-201401-0365
Vulnerability from variot
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component, which performs insufficient parameter validation on the szScreen field. Successful exploitation allows an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is monitoring software developed by GE and one of the industry's leading HMI/SCADA products. Its web-access component, CimWebServer, fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer, deploy it to any SCADA project, and execute it with the web server's privileges. The following products are affected: Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.2; Proficy Process Systems with CIMPLICITY. The vendor fix is referenced in GE KB15940 and ICS-CERT advisory ICSA-14-023-01 (see the "patch" entries in the record below).
{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\/scada cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\/scada cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy process systems with cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": null
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\/scada cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "4.01"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\/scada cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\/scada cimplicity",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": "proficy hmi/scada - cimplicity",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.01 to  8.2"
      },
      {
        "_id": null,
        "model": "proficy process systems with cimplicity",
        "scope": null,
        "trust": 0.8,
        "vendor": "general electric",
        "version": null
      },
      {
        "_id": null,
        "model": "proficy cimplicity",
        "scope": null,
        "trust": 0.7,
        "vendor": "ge",
        "version": null
      },
      {
        "_id": null,
        "model": "electric proficy process systems with cimplicity",
        "scope": null,
        "trust": 0.6,
        "vendor": "general",
        "version": null
      },
      {
        "_id": null,
        "model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general",
        "version": "4.01-8.2"
      },
      {
        "_id": null,
        "model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi 2fscada cimplicity",
        "version": "*"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi scada cimplicity",
        "version": "4.01"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi scada cimplicity",
        "version": "7.5"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi scada cimplicity",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi scada cimplicity",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy hmi scada cimplicity",
        "version": "8.2"
      },
      {
        "_id": null,
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intelligent platforms proficy process with cimplicity",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "ZombiE and amisto0x07",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0751",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0751",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0751",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-00675",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0751",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0751",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-0751",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00675",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-524",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software. GE Proficy CIMPLICITY\u0027s CimWebServer based on WEB access fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it to any SCADA project and execute it with WEB privileges. \nThe following products are affected:\nProficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2\nProficy Process Systems with CIMPLICITY",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "BID",
        "id": "65117"
      },
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0751",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-14-023-01",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "65117",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1623",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "4369D8B8-2352-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "BID",
        "id": "65117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      }
    ]
  },
  "id": "VAR-201401-0365",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      }
    ],
    "trust": 1.5099878000000002
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:46:08.386000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "KB15940",
        "trust": 0.8,
        "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15940"
      },
      {
        "title": "GE has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
      },
      {
        "title": "Multiple General Electric product shell upload vulnerability patches",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/43199"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 3.7,
        "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-023-01"
      },
      {
        "trust": 1.6,
        "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15940"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/65117"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0751"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0751"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-14-016"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "db": "ZDI",
        "id": "ZDI-14-016",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00675",
        "ident": null
      },
      {
        "db": "BID",
        "id": "65117",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0751",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-01-28T00:00:00",
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
        "ident": null
      },
      {
        "date": "2014-02-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-016",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00675",
        "ident": null
      },
      {
        "date": "2014-01-23T00:00:00",
        "db": "BID",
        "id": "65117",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001258",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-524",
        "ident": null
      },
      {
        "date": "2014-01-25T22:55:04.583000",
        "db": "NVD",
        "id": "CVE-2014-0751",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-02-13T00:00:00",
        "db": "ZDI",
        "id": "ZDI-14-016",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00675",
        "ident": null
      },
      {
        "date": "2014-02-17T03:56:00",
        "db": "BID",
        "id": "65117",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001258",
        "ident": null
      },
      {
        "date": "2014-01-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-524",
        "ident": null
      },
      {
        "date": "2024-11-21T02:02:44.600000",
        "db": "NVD",
        "id": "CVE-2014-0751",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and  Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001258"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-524"
      }
    ],
    "trust": 0.8
  }
}