ID

VAR-E-201607-0413


CVE

cve_id:CVE-2016-5787

Trust: 0.3

sources: BID: 91727

TITLE

GE Proficy HMI SCADA CIMPLICITY CVE-2016-5787 Local Privilege Escalation Vulnerability

Trust: 0.3

sources: BID: 91727

DESCRIPTION

GE Proficy HMI SCADA CIMPLICITY is prone to a local privilege escalation vulnerability.
An attacker can exploit this vulnerability to gain elevated privileges. This may aid in further attacks.
GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable.

Trust: 0.3

sources: BID: 91727

AFFECTED PRODUCTS

vendor:generalmodel:electric proficy hmi/scada cimplicity simscope:eqversion:-8.226

Trust: 0.3

vendor:generalmodel:electric proficy hmi/scada cimplicity simscope:eqversion:-8.219

Trust: 0.3

vendor:generalmodel:electric proficy hmi/scada cimplicityscope:eqversion:-8.2

Trust: 0.3

vendor:generalmodel:electric proficy hmi/scada cimplicity simscope:neversion:-8.227

Trust: 0.3

sources: BID: 91727

EXPLOIT

An attacker can exploit this issue by gaining local interactive access.

Trust: 0.3

sources: BID: 91727

PRICE

Free

Trust: 0.3

sources: BID: 91727

TYPE

Design Error

Trust: 0.3

sources: BID: 91727

CREDITS

Zhou Yu of Acorn Network Security.

Trust: 0.3

sources: BID: 91727

EXTERNAL IDS

db:ICS CERTid:ICSA-16-194-02

Trust: 0.3

db:NVDid:CVE-2016-5787

Trust: 0.3

db:BIDid:91727

Trust: 0.3

sources: BID: 91727

REFERENCES

url:http://www.ge-ip.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-16-194-02

Trust: 0.3

sources: BID: 91727

SOURCES

db:BIDid:91727

LAST UPDATE DATE

2022-07-27T09:42:31.444000+00:00


SOURCES UPDATE DATE

db:BIDid:91727date:2016-07-12T00:00:00

SOURCES RELEASE DATE

db:BIDid:91727date:2016-07-12T00:00:00