Details of VAR-201312-0497

ID

VAR-201312-0497

TITLE

General Electric (GE) Proficy HMI/SCADA - CIMPLICITY WebView Unknown remote command execution vulnerability

Trust: 0.8

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15504

DESCRIPTION

GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. General Electric (GE) Proficy HMI/SCADA - The CIMPLICITY WebView component (CimWebServer.exe) has an unexplained flaw that allows a remote attacker to exploit a vulnerability to execute arbitrary commands in the context of an application

Trust: 0.72

sources: CNVD: CNVD-2013-15504 // IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15504

AFFECTED PRODUCTS

vendor:

general electric

model:

proficy hmi/scada-cimplicity

scope:

version:

4.01

Trust: 0.8

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15504

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-15504
value:	HIGH
Trust: 0.6
IVD:	64c2455a-1ef6-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2013-15504
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	64c2455a-1ef6-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15504

TYPE

Input validation

Trust: 0.2

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d

PATCH

title:

General Electric (GE) Proficy HMI/SCADA - CIMPLICITY WebView Patch with Unknown Remote Command Execution Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/41940

Trust: 0.6

sources: CNVD: CNVD-2013-15504

EXTERNAL IDS

db:	CNVD	id:	CNVD-2013-15504	Trust: 0.8
db:	IVD	id:	64C2455A-1EF6-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 64c2455a-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15504

REFERENCES

url:

http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15940/en_us/geip13-06%20security%20advisory%20-%20proficy%20cimplicity%20webview%20remote%20code%20exec.pdf

Trust: 0.6

sources: CNVD: CNVD-2013-15504

SOURCES

db:	IVD	id:	64c2455a-1ef6-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-15504

LAST UPDATE DATE

2022-05-17T02:09:53.334000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2013-15504

date:

2013-12-23T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	64c2455a-1ef6-11e6-abef-000c29c66e3d	date:	2013-12-23T00:00:00
db:	CNVD	id:	CNVD-2013-15504	date:	2013-12-23T00:00:00