Details of VAR-E-201607-0413

ID

VAR-E-201607-0413

CVE

cve_id:

CVE-2016-5787

Trust: 0.3

sources: BID: 91727

TITLE

GE Proficy HMI SCADA CIMPLICITY CVE-2016-5787 Local Privilege Escalation Vulnerability

Trust: 0.3

sources: BID: 91727

DESCRIPTION

GE Proficy HMI SCADA CIMPLICITY is prone to a local privilege escalation vulnerability.
An attacker can exploit this vulnerability to gain elevated privileges. This may aid in further attacks.
GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable.

Trust: 0.3

sources: BID: 91727

AFFECTED PRODUCTS

vendor:	general	model:	electric proficy hmi/scada cimplicity sim	scope:	eq	version:	-8.226	Trust: 0.3
vendor:	general	model:	electric proficy hmi/scada cimplicity sim	scope:	eq	version:	-8.219	Trust: 0.3
vendor:	general	model:	electric proficy hmi/scada cimplicity	scope:	eq	version:	-8.2	Trust: 0.3
vendor:	general	model:	electric proficy hmi/scada cimplicity sim	scope:	ne	version:	-8.227	Trust: 0.3

sources: BID: 91727

EXPLOIT

An attacker can exploit this issue by gaining local interactive access.

Trust: 0.3

sources: BID: 91727

PRICE

Free

Trust: 0.3

sources: BID: 91727

TYPE

Design Error

Trust: 0.3

sources: BID: 91727

CREDITS

Zhou Yu of Acorn Network Security.

Trust: 0.3

sources: BID: 91727

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-16-194-02	Trust: 0.3
db:	NVD	id:	CVE-2016-5787	Trust: 0.3
db:	BID	id:	91727	Trust: 0.3

sources: BID: 91727

REFERENCES

url:	http://www.ge-ip.com/	Trust: 0.3
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-194-02	Trust: 0.3

sources: BID: 91727

SOURCES

db:

BID

id:

91727

LAST UPDATE DATE

2022-07-27T09:42:31.444000+00:00

SOURCES UPDATE DATE

db:

BID

id:

91727

date:

2016-07-12T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

91727

date:

2016-07-12T00:00:00