ID

VAR-201312-0498


TITLE

General Electric (GE) Proficy HMI/SCADA - CIMPLICITY gefebt.exe Remote Command Execution Vulnerability

Trust: 0.8

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15501

DESCRIPTION

GE Proficy CIMPLICITY is monitoring software developed by GE and one of the industry's leading HMI/SCADA products. The CimWeb component (gefebt.exe) of General Electric (GE) Proficy HMI/SCADA - CIMPLICITY WebView does not correctly validate user-submitted HTTP traffic, allowing remote attackers to execute arbitrary commands in the context of the application.

Trust: 0.72

sources: CNVD: CNVD-2013-15501 // IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15501

AFFECTED PRODUCTS

vendor: general electric
model: proficy hmi/scada-cimplicity
scope: eq
version: 4.01

Trust: 0.8

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15501

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-15501
value: HIGH

Trust: 0.6

IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CNVD: CNVD-2013-15501
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15501

TYPE

Input validation

Trust: 0.2

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d

PATCH

title: General Electric (GE) Proficy HMI/SCADA - CIMPLICITY gefebt.exe patch for remote command execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/41928

Trust: 0.6

sources: CNVD: CNVD-2013-15501

EXTERNAL IDS

db: CNVD, id: CNVD-2013-15501

Trust: 0.8

db: IVD, id: 672E4E42-1EF6-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 672e4e42-1ef6-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-15501

REFERENCES

url: http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15939/en_us/geip13-05%20security%20advisory%20-%20proficy%20cimplicity%20gefebt%20remote%20code%20exec.pdf

Trust: 0.6

sources: CNVD: CNVD-2013-15501

SOURCES

db: IVD, id: 672e4e42-1ef6-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-15501

LAST UPDATE DATE

2022-05-17T01:51:11.410000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15501, date: 2013-12-23T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 672e4e42-1ef6-11e6-abef-000c29c66e3d, date: 2013-12-23T00:00:00
db: CNVD, id: CNVD-2013-15501, date: 2013-12-23T00:00:00