var-201607-0454
Vulnerability from variot
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "8.2 sim 27"
},
{
"model": "cimplicity sim",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "8.227"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.226"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.219"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "-8.227"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu of Acorn Network Security.",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"cve": "CVE-2016-5787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5787",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-04901",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.0,
"id": "CVE-2016-5787",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-5787",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5787",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5787",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. \nGE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5787",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-194-02",
"trust": 2.7
},
{
"db": "BID",
"id": "91727",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795",
"trust": 0.8
},
{
"db": "IVD",
"id": "E48555AF-F166-4A94-BC44-F644C9893996",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"id": "VAR-201607-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
],
"trust": 1.5849003000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
]
},
"last_update_date": "2024-11-23T22:22:44.660000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GED 16-01",
"trust": 0.8,
"url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01"
},
{
"title": "Patch for GE Proficy HMI SCADA CIMPLICITY Local Elevation of Privilege Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79099"
},
{
"title": "GE Proficy HMI SCADA CIMPLICITY Remedial measures for local privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-194-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91727"
},
{
"trust": 1.6,
"url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5787"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5787"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2016-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"date": "2016-07-15T16:59:11.423000",
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"date": "2024-11-21T02:55:00.607000",
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric Digital Proficy HMI/SCADA - CIMPLICITY Vulnerability in changing service settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…