Search criteria
47 vulnerabilities found for CIMPLICITY by GE
VAR-202202-0307
Vulnerability from variot - Updated: 2023-12-21 22:02The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. GE Digital Provided by the company HMI and SCADA Is a platform Proficy CIMPLICITY There is a vulnerability in plaintext communication of sensitive information ( CWE-319 , CVE-2022-21798 ) Exists. CIMPLICITY Authentication information is communicated in clear text on the network.Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client (server)-based HMI (SCADA) solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, realizing process, equipment, Operational visualization of resource monitoring.
There is an information leakage vulnerability in GEProficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0307",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "proficy cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "ge \u30c7\u30b8\u30bf\u30eb",
"version": "all s"
},
{
"model": "proficy cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "ge \u30c7\u30b8\u30bf\u30eb",
"version": null
},
{
"model": "proficy cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Users are advised to refer to the",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
},
"cve": "CVE-2022-21798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-98795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-001376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21798",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-21798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-001376",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-98795",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1761",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. GE Digital Provided by the company HMI and SCADA Is a platform Proficy CIMPLICITY There is a vulnerability in plaintext communication of sensitive information ( CWE-319 , CVE-2022-21798 ) Exists. CIMPLICITY Authentication information is communicated in clear text on the network.Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client (server)-based HMI (SCADA) solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, realizing process, equipment, Operational visualization of resource monitoring. \n\r\n\r\nThere is an information leakage vulnerability in GEProficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21798",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-053-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU96846804",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-98795",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0787",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022305",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"id": "VAR-202202-0307",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
],
"trust": 1.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
]
},
"last_update_date": "2023-12-21T22:02:59.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Secure\u00a0Deployment\u00a0Guide (Login required) GE\u00a0Digital",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdocumentation%2fifix-secure-deployment-guide"
},
{
"title": "Patch for GE Proficy CIMPLICITY information leakage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/358056"
},
{
"title": "General Electric Proficy Cimplicity Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185279"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Sending important information in clear text (CWE-319) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21798"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96846804/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21798/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022305"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0787"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"date": "2022-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"date": "2022-02-25T19:15:23.723000",
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"date": "2022-02-28T07:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"date": "2022-03-08T15:38:39.317000",
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"date": "2022-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE\u00a0Digital\u00a0 Made \u00a0Proficy\u00a0CIMPLICITY\u00a0 Vulnerability of plaintext communication of sensitive information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
}
}
VAR-202004-2037
Vulnerability from variot - Updated: 2023-12-18 13:47A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CIMPLICITY Inappropriate authority management vulnerabilities (CWE-269) Exists. GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE) of the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, and realize the operation visualization of process, equipment and resource monitoring
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-2037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "10.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "10.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "cimplicity",
"version": "*"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "ge",
"version": "\u003c=v10.0"
}
],
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6992"
}
]
},
"cve": "CVE-2020-6992",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-22318",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7da42928-7c08-4225-bfdf-8978c341a37a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "6d889fac-0db2-48e3-982e-eac48e690731",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-6992",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.0,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-003278",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6992",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-003278",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-22318",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-378",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-6992",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CIMPLICITY Inappropriate authority management vulnerabilities (CWE-269) Exists. GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE) of the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, and realize the operation visualization of process, equipment and resource monitoring",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6992",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSA-20-098-02",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2020-22318",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU95253418",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2020.1252",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47765",
"trust": 0.6
},
{
"db": "IVD",
"id": "7DA42928-7C08-4225-BFDF-8978C341A37A",
"trust": 0.2
},
{
"db": "IVD",
"id": "5BCAC29D-8726-4410-B55B-BF233B8AAEAF",
"trust": 0.2
},
{
"db": "IVD",
"id": "6D889FAC-0DB2-48E3-982E-EAC48E690731",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2020-6992",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"id": "VAR-202004-2037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
}
],
"trust": 0.12
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
}
]
},
"last_update_date": "2023-12-18T13:47:31.928000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Center",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_contact"
},
{
"title": "Patch for GE CIMPLICITY permission elevation vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/213375"
},
{
"title": "GE CIMPLICITY Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115598"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jianmingguo/sicsp_ics "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6992"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95253418/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6992"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47765"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1252/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://github.com/jianmingguo/sicsp_ics"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-07T00:00:00",
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"date": "2020-04-07T00:00:00",
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"date": "2020-04-07T00:00:00",
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"date": "2020-04-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"date": "2020-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"date": "2020-04-15T17:15:14.953000",
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"date": "2020-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-22318"
},
{
"date": "2020-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-6992"
},
{
"date": "2020-04-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003278"
},
{
"date": "2020-04-22T17:21:43.147000",
"db": "NVD",
"id": "CVE-2020-6992"
},
{
"date": "2020-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Made CIMPLICITY Improper authority management vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003278"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "7da42928-7c08-4225-bfdf-8978c341a37a"
},
{
"db": "IVD",
"id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
},
{
"db": "IVD",
"id": "6d889fac-0db2-48e3-982e-eac48e690731"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-378"
}
],
"trust": 1.2
}
}
VAR-201702-0859
Vulnerability from variot - Updated: 2023-12-18 13:39An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "historian",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "6.0"
},
{
"model": "ifix",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.8"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "historian",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.8 sim 13"
},
{
"model": "electric proficy historian",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=6.0"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "electric proficy hmi/scada ifix sim",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=5.813"
},
{
"model": "historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.8"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.813"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.1"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.0"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "8.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3.5"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "5.814"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": "proficy historian",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "historian",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95630"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9360",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-00906",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9360",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9360",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9360",
"trust": 3.5
},
{
"db": "BID",
"id": "95630",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05A",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1037809",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952",
"trust": 0.8
},
{
"db": "IVD",
"id": "8E677A52-D1D3-4559-96BD-040386314B48",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"id": "VAR-201702-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
],
"trust": 1.4808041200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
]
},
"last_update_date": "2023-12-18T13:39:04.182000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_home"
},
{
"title": "Patches for multiple GE product local information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88599"
},
{
"title": "Multiple GE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95630"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037809"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05a"
},
{
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9360"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9360"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-17T00:00:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2017-02-13T21:59:02.050000",
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"date": "2017-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-23T03:11:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2022-02-03T19:40:11.877000",
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95630"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural General Electric Proficy Vulnerability to obtain user password in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.6
}
}
VAR-201607-0454
Vulnerability from variot - Updated: 2023-12-18 13:24General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "8.2 sim 27"
},
{
"model": "cimplicity sim",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "8.227"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.226"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.219"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "-8.227"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim10:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim13:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim14:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim15:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim16:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim17:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim18:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim19:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim20:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim21:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim22:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim24:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim25:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim26:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim7:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim8:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu of Acorn Network Security.",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"cve": "CVE-2016-5787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5787",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-04901",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.0,
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-5787",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5787",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. \nGE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5787",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-194-02",
"trust": 2.7
},
{
"db": "BID",
"id": "91727",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795",
"trust": 0.8
},
{
"db": "IVD",
"id": "E48555AF-F166-4A94-BC44-F644C9893996",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"id": "VAR-201607-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
],
"trust": 1.5849003000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
]
},
"last_update_date": "2023-12-18T13:24:37.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GED 16-01",
"trust": 0.8,
"url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
},
{
"title": "Patch for GE Proficy HMI SCADA CIMPLICITY Local Elevation of Privilege Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/79099"
},
{
"title": "GE Proficy HMI SCADA CIMPLICITY Remedial measures for local privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-194-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91727"
},
{
"trust": 1.6,
"url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5787"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5787"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2016-07-15T16:59:11.423000",
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"date": "2016-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2022-02-03T19:46:10.973000",
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric Digital Proficy HMI/SCADA - CIMPLICITY Vulnerability in changing service settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.6
}
}
VAR-201710-1117
Vulnerability from variot - Updated: 2023-12-18 13:19A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "electric cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Atch of CyberX",
"sources": [
{
"db": "BID",
"id": "101174"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12732",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-29156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12732",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12732",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12732",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01",
"trust": 2.5
},
{
"db": "BID",
"id": "101174",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E1531B5-5828-444B-A091-2B4AC221507D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"id": "VAR-201710-1117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
],
"trust": 1.5777778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
]
},
"last_update_date": "2023-12-18T13:19:19.925000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIMPLICITY",
"trust": 0.8,
"url": "https://www.ge.com/digital/products/cimplicity"
},
{
"title": "Patch for GE CIMPLICITY Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/103267"
},
{
"title": "GE CIMPLICITY Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101174"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12732"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12732"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2017-10-05T21:29:00.193000",
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"date": "2017-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2019-10-09T23:23:13.263000",
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPLICITY Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.8
}
}
VAR-202211-1447
Vulnerability from variot - Updated: 2023-12-18 11:55GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE) in the United States. Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making.
There are security vulnerabilities in GE CIMPLICITY HMI/SCADA Software 2022 and earlier versions, which may be exploited by attackers to affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "2022 and earlier"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity hmi/scada software",
"scope": "lte",
"trust": 0.6,
"vendor": "ge",
"version": "\u003c=2022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"cve": "CVE-2022-2952",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-85524",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2952",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2952",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-85524",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3423",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE) in the United States. Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. \n\r\n\r\nThere are security vulnerabilities in GE CIMPLICITY HMI/SCADA Software 2022 and earlier versions, which may be exploited by attackers to affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2952",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 2.5
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU95378145",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-85524",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2952",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"id": "VAR-202211-1447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
}
],
"trust": 1.1769231
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
}
]
},
"last_update_date": "2023-12-18T11:55:56.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GE CIMPLICITY HMI/SCADA Software has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/364081"
},
{
"title": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2952"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95378145/index.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2952/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"date": "2023-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"date": "2022-12-07T23:15:10.003000",
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"date": "2023-11-17T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"date": "2023-11-07T03:47:08.217000",
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0CIMPLICITY\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
],
"trust": 0.6
}
}
VAR-202211-1446
Vulnerability from variot - Updated: 2023-12-18 11:55GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE). Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. An attacker could exploit the vulnerability to potentially affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1446",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "2022 and earlier"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity hmi/scada software",
"scope": "lte",
"trust": 0.6,
"vendor": "ge",
"version": "\u003c=2022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"cve": "CVE-2022-2948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-85525",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2948",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2948",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2948",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-85525",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3422",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in a heap-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE). Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. An attacker could exploit the vulnerability to potentially affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2948",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 2.5
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU95378145",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-85525",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2948",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"id": "VAR-202211-1446",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
}
],
"trust": 1.1769231
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
}
]
},
"last_update_date": "2023-12-18T11:55:56.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/364096"
},
{
"title": "GE CIMPLICITY HMI/SCADA Software Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216960"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-122",
"trust": 1.0
},
{
"problemtype": "Heap-based buffer overflow (CWE-122) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95378145/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2948"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2948/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"db": "VULMON",
"id": "CVE-2022-2948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"date": "2023-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"date": "2022-12-07T23:15:09.930000",
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85525"
},
{
"date": "2023-11-17T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-022589"
},
{
"date": "2023-11-07T03:47:07.493000",
"db": "NVD",
"id": "CVE-2022-2948"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0CIMPLICITY\u00a0 Heap-based buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3422"
}
],
"trust": 0.6
}
}
VAR-202211-1445
Vulnerability from variot - Updated: 2022-12-13 00:38GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"cve": "CVE-2022-3092",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-3092",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-3092",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3432",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3092"
},
{
"db": "VULMON",
"id": "CVE-2022-3092"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2022-3092",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3432",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3092",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3092"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"id": "VAR-202211-1445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.47142857
},
"last_update_date": "2022-12-13T00:38:58.505000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216962"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3092/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3092"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-3092"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"date": "2022-12-08T00:15:00",
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3432"
},
{
"date": "2022-12-09T20:22:00",
"db": "NVD",
"id": "CVE-2022-3092"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3432"
}
],
"trust": 0.6
}
}
VAR-202211-1448
Vulnerability from variot - Updated: 2022-12-13 00:38GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"cve": "CVE-2022-3084",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-3084",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-3084",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3427",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3084"
},
{
"db": "VULMON",
"id": "CVE-2022-3084"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2022-3084",
"trust": 1.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3427",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-3084",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"id": "VAR-202211-1448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.47142857
},
"last_update_date": "2022-12-13T00:38:58.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216961"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-3084/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"date": "2022-12-08T00:15:00",
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3427"
},
{
"date": "2022-12-09T20:52:00",
"db": "NVD",
"id": "CVE-2022-3084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3427"
}
],
"trust": 0.6
}
}
VAR-202206-1431
Vulnerability from variot - Updated: 2022-12-13 00:38GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. AutomationDirect DirectLOGIC with Ethernet
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-1431",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"cve": "CVE-2022-2002",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2022-2002",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2002",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-1733",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. AutomationDirect DirectLOGIC with Ethernet",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2002"
},
{
"db": "VULMON",
"id": "CVE-2022-2002"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2002",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 1.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2993",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1733",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-03",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-2002",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2002"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"id": "VAR-202206-1431",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.47142857
},
"last_update_date": "2022-12-13T00:38:58.542000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AutomationDirect DirectLOGIC Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216691"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-822",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2002/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2002"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2993"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-03"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-2002"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-2002"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"date": "2022-12-07T23:15:00",
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-1733"
},
{
"date": "2022-12-09T20:52:00",
"db": "NVD",
"id": "CVE-2022-2002"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AutomationDirect DirectLOGIC Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-1733"
}
],
"trust": 0.6
}
}
FKIE_CVE-2023-4487
Vulnerability from fkie_nvd - Published: 2023-09-05 23:15 - Updated: 2024-11-21 08:35
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability | Permissions Required | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | 2023 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:2023:-:*:*:*:*:*:*",
"matchCriteriaId": "37C6BB3C-2412-484D-9B4B-7E10E53EC092",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\n\n"
},
{
"lang": "es",
"value": "GE CIMPLICITY 2023 contiene una vulnerabilidad de control de procesos, que podr\u00eda permitir a un atacante local insertar archivos de configuraci\u00f3n maliciosos en la ruta de ejecuci\u00f3n esperada del servidor web para escalar privilegios y obtener el control total del software HMI. "
}
],
"id": "CVE-2023-4487",
"lastModified": "2024-11-21T08:35:16.153",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-05T23:15:08.177",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-114"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-3463
Vulnerability from fkie_nvd - Published: 2023-07-19 14:15 - Updated: 2024-11-21 08:17
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B27EAE-B866-41DA-A43F-03C218C6E800",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAll versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.\n\n"
}
],
"id": "CVE-2023-3463",
"lastModified": "2024-11-21T08:17:19.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-19T14:15:10.620",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-3092
Vulnerability from fkie_nvd - Published: 2022-12-08 00:15 - Updated: 2024-11-21 07:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F",
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE CIMPICITY versions 2022 and prior is \n\n\n\n\n\nvulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n \n\n"
},
{
"lang": "es",
"value": "Las versiones 2022 y anteriores de GE CIMPICITY son vulnerables a una escritura fuera de los l\u00edmites, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-3092",
"lastModified": "2024-11-21T07:18:48.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-08T00:15:10.453",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-3084
Vulnerability from fkie_nvd - Published: 2022-12-08 00:15 - Updated: 2024-11-21 07:18
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F",
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. \n\n"
},
{
"lang": "es",
"value": "GE CIMPICITY versiones 2022 y anteriores es vulnerable cuando los datos de una direcci\u00f3n defectuosa controlan el flujo de c\u00f3digo a partir de gmmiObj!CGmmiRootOptionTable, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-3084",
"lastModified": "2024-11-21T07:18:47.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-08T00:15:09.973",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2952
Vulnerability from fkie_nvd - Published: 2022-12-07 23:15 - Updated: 2024-11-21 07:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F",
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.\n\n \n\n"
},
{
"lang": "es",
"value": "GE CIMPICITY versiones 2022 y anteriores es vulnerable cuando los datos de una direcci\u00f3n defectuosa controlan el flujo de c\u00f3digo a partir de gmmiObj!CGmmiOptionContainer, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-2952",
"lastModified": "2024-11-21T07:01:58.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-07T23:15:10.003",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-824"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2948
Vulnerability from fkie_nvd - Published: 2022-12-07 23:15 - Updated: 2024-11-21 07:01
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F",
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. \n\n \n\n"
},
{
"lang": "es",
"value": "Las versiones 2022 y anteriores de GE CIMPICITY son vulnerables a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-2948",
"lastModified": "2024-11-21T07:01:58.340",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-07T23:15:09.930",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-2002
Vulnerability from fkie_nvd - Published: 2022-12-07 23:15 - Updated: 2024-11-21 07:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | cimplicity | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52563130-3092-4815-97A4-D6E95961DD7F",
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE CIMPICITY versions 2022 and prior is \n\n\n\nvulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n"
},
{
"lang": "es",
"value": "GE CIMPICITY versiones 2022 y anteriores es vulnerable cuando los datos de la direcci\u00f3n defectuosa controlan el flujo de c\u00f3digo que comienza en gmmiObj!CGmmiOptionContainer, lo que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-2002",
"lastModified": "2024-11-21T07:00:09.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-07T23:15:09.850",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-822"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
CVE-2023-4487 (GCVE-0-2023-4487)
Vulnerability from cvelistv5 – Published: 2023-09-05 22:55 – Updated: 2025-01-16 21:30
VLAI?
Summary
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | CIMPLICITY |
Affected:
2023
|
Credits
Michael Heinzl reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:27.625218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:31.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u200bMichael Heinzl reported this vulnerability to CISA."
}
],
"datePublic": "2023-08-31T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\u003c/span\u003e\n\n"
}
],
"value": "\nGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T22:55:45.047Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u200bGE Digital recommends users apply the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u200bUpdate CIMPLICITY to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1?language=en_US\"\u003ev2023 SIM 1\u003c/a\u003e\u0026nbsp;(login is required)\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bPlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability\"\u003eGE Digital\u2019s security bulletin\u003c/a\u003e\u0026nbsp;(login is required) for more information.\u003c/p\u003e"
}
],
"value": "\n\u200bGE Digital recommends users apply the following mitigations:\n\n * \u200bUpdate CIMPLICITY to v2023 SIM 1 https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1 \u00a0(login is required)\n\n\n\n\n\u200bPlease refer to GE Digital\u2019s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability \u00a0(login is required) for more information.\n\n"
}
],
"source": {
"advisory": "\u200b\u200bICSA-23-243-02",
"discovery": "EXTERNAL"
},
"title": "GE Digital CIMPLICITY Process Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-4487",
"datePublished": "2023-09-05T22:55:45.047Z",
"dateReserved": "2023-08-22T20:32:42.621Z",
"dateUpdated": "2025-01-16T21:30:31.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3463 (GCVE-0-2023-3463)
Vulnerability from cvelistv5 – Published: 2023-07-19 13:40 – Updated: 2024-10-21 18:16
VLAI?
Summary
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.
Severity ?
6.6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | CIMPLICITY |
Affected:
All
|
Credits
Michael Heinzl reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:12:15.698997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:16:08.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n"
}
],
"value": "\nAll versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T13:40:22.326Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eTo obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/contactsupport\"\u003ehttps://digitalsupport.ge.com/s/contactsupport\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eExploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2?language=en_US\"\u003eSecure Deployment Guide (SDG) instructions\u003c/a\u003e.\u003c/p\u003e\u003cp\u003ePlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability\"\u003eGE Digital\u2019s security bulletin\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nTo obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at https://digitalsupport.ge.com/s/contactsupport https://digitalsupport.ge.com/s/contactsupport .\n\nExploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent Secure Deployment Guide (SDG) instructions https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2 .\n\nPlease refer to GE Digital\u2019s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability \u00a0for more information.\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-199-06",
"discovery": "EXTERNAL"
},
"title": "GE Digital CIMPLICITY Heap-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3463",
"datePublished": "2023-07-19T13:40:22.326Z",
"dateReserved": "2023-06-29T19:23:17.313Z",
"dateUpdated": "2024-10-21T18:16:08.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3092 (GCVE-0-2022-3092)
Vulnerability from cvelistv5 – Published: 2022-12-07 23:01 – Updated: 2025-04-16 17:40
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:35.683235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:40:47.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\n\n\n\n\nvulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:01:34.391Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3092",
"datePublished": "2022-12-07T23:01:34.391Z",
"dateReserved": "2022-09-01T19:32:53.105Z",
"dateUpdated": "2025-04-16T17:40:47.032Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3084 (GCVE-0-2022-3084)
Vulnerability from cvelistv5 – Published: 2022-12-07 23:00 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:38.328932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:02.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:00:22.514Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3084",
"datePublished": "2022-12-07T23:00:22.514Z",
"dateReserved": "2022-09-01T18:49:08.745Z",
"dateUpdated": "2025-04-16T17:41:02.767Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2952 (GCVE-0-2022-2952)
Vulnerability from cvelistv5 – Published: 2022-12-07 22:59 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:40.998399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:18.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.\n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T22:59:10.715Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2952",
"datePublished": "2022-12-07T22:59:10.715Z",
"dateReserved": "2022-08-22T19:31:51.879Z",
"dateUpdated": "2025-04-16T17:41:18.679Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2948 (GCVE-0-2022-2948)
Vulnerability from cvelistv5 – Published: 2022-12-07 22:58 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:43.607131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:36.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T22:58:15.094Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Heap-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2948",
"datePublished": "2022-12-07T22:58:15.094Z",
"dateReserved": "2022-08-22T19:29:24.599Z",
"dateUpdated": "2025-04-16T17:41:36.455Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2002 (GCVE-0-2022-2002)
Vulnerability from cvelistv5 – Published: 2022-12-07 22:56 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-822 - Untrusted Pointer Dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2002",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:46.272621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:56.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\n\n\nvulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-822",
"description": "CWE-822 Untrusted Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T22:56:50.504Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Untrusted Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2002",
"datePublished": "2022-12-07T22:56:50.504Z",
"dateReserved": "2022-06-06T20:28:22.383Z",
"dateUpdated": "2025-04-16T17:41:56.274Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4487 (GCVE-0-2023-4487)
Vulnerability from nvd – Published: 2023-09-05 22:55 – Updated: 2025-01-16 21:30
VLAI?
Summary
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
Severity ?
7.8 (High)
CWE
- CWE-114 - Process Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | CIMPLICITY |
Affected:
2023
|
Credits
Michael Heinzl reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:20:27.625218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:30:31.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "2023"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u200bMichael Heinzl reported this vulnerability to CISA."
}
],
"datePublic": "2023-08-31T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\u003c/span\u003e\n\n"
}
],
"value": "\nGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114 Process Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T22:55:45.047Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003e\u200bGE Digital recommends users apply the following mitigations:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u200bUpdate CIMPLICITY to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1?language=en_US\"\u003ev2023 SIM 1\u003c/a\u003e\u0026nbsp;(login is required)\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u200bPlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability\"\u003eGE Digital\u2019s security bulletin\u003c/a\u003e\u0026nbsp;(login is required) for more information.\u003c/p\u003e"
}
],
"value": "\n\u200bGE Digital recommends users apply the following mitigations:\n\n * \u200bUpdate CIMPLICITY to v2023 SIM 1 https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1 \u00a0(login is required)\n\n\n\n\n\u200bPlease refer to GE Digital\u2019s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability \u00a0(login is required) for more information.\n\n"
}
],
"source": {
"advisory": "\u200b\u200bICSA-23-243-02",
"discovery": "EXTERNAL"
},
"title": "GE Digital CIMPLICITY Process Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-4487",
"datePublished": "2023-09-05T22:55:45.047Z",
"dateReserved": "2023-08-22T20:32:42.621Z",
"dateUpdated": "2025-01-16T21:30:31.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3463 (GCVE-0-2023-3463)
Vulnerability from nvd – Published: 2023-07-19 13:40 – Updated: 2024-10-21 18:16
VLAI?
Summary
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.
Severity ?
6.6 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | CIMPLICITY |
Affected:
All
|
Credits
Michael Heinzl reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T18:12:15.698997Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T18:16:08.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Heinzl reported this vulnerability to CISA."
}
],
"datePublic": "2023-07-18T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAll versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n"
}
],
"value": "\nAll versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T13:40:22.326Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eTo obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/contactsupport\"\u003ehttps://digitalsupport.ge.com/s/contactsupport\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eExploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2?language=en_US\"\u003eSecure Deployment Guide (SDG) instructions\u003c/a\u003e.\u003c/p\u003e\u003cp\u003ePlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability\"\u003eGE Digital\u2019s security bulletin\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nTo obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at https://digitalsupport.ge.com/s/contactsupport https://digitalsupport.ge.com/s/contactsupport .\n\nExploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent Secure Deployment Guide (SDG) instructions https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2 .\n\nPlease refer to GE Digital\u2019s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability \u00a0for more information.\n\n\n\n\n"
}
],
"source": {
"advisory": "ICSA-23-199-06",
"discovery": "EXTERNAL"
},
"title": "GE Digital CIMPLICITY Heap-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3463",
"datePublished": "2023-07-19T13:40:22.326Z",
"dateReserved": "2023-06-29T19:23:17.313Z",
"dateUpdated": "2024-10-21T18:16:08.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3092 (GCVE-0-2022-3092)
Vulnerability from nvd – Published: 2022-12-07 23:01 – Updated: 2025-04-16 17:40
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.769Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:35.683235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:40:47.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\n\n\n\n\nvulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:01:34.391Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3092",
"datePublished": "2022-12-07T23:01:34.391Z",
"dateReserved": "2022-09-01T19:32:53.105Z",
"dateUpdated": "2025-04-16T17:40:47.032Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3084 (GCVE-0-2022-3084)
Vulnerability from nvd – Published: 2022-12-07 23:00 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:09.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:38.328932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:02.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:00:22.514Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-3084",
"datePublished": "2022-12-07T23:00:22.514Z",
"dateReserved": "2022-09-01T18:49:08.745Z",
"dateUpdated": "2025-04-16T17:41:02.767Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2952 (GCVE-0-2022-2952)
Vulnerability from nvd – Published: 2022-12-07 22:59 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-824 - Access of Uninitialized Pointer
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:40.998399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:18.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.\u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.\n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824 Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T22:59:10.715Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Access of Uninitialized Pointer",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2952",
"datePublished": "2022-12-07T22:59:10.715Z",
"dateReserved": "2022-08-22T19:31:51.879Z",
"dateUpdated": "2025-04-16T17:41:18.679Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2948 (GCVE-0-2022-2948)
Vulnerability from nvd – Published: 2022-12-07 22:58 – Updated: 2025-04-16 17:41
VLAI?
Summary
GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
Severity ?
7.8 (High)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | CIMPLICITY |
Affected:
0 , ≤ v2022
(custom)
|
Credits
Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:53:00.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:25:43.607131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T17:41:36.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "v2022",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Kimiya working with Trend micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-11-22T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGE CIMPICITY versions 2022 and prior is \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. \u003c/span\u003e\n\n \u003c/span\u003e\n\n"
}
],
"value": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T22:58:15.094Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGE recommends users refer to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2\"\u003eCIMPLICITY Secure Deployment Guide\u003c/a\u003e\u0026nbsp;(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \u003c/p\u003e\u003cp\u003eFor more information about this issue, see the GE Digital Product \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06\"\u003eSecurity Advisory\u003c/a\u003e\u0026nbsp;(login required). \u003c/p\u003e\u003cp\u003eFor further questions, users should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/communities/CC_Contact\"\u003eGE\u003c/a\u003e. \u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGE recommends users refer to the CIMPLICITY Secure Deployment Guide https://digitalsupport.ge.com/communities/en_US/Documentation/CIMPLICITY-Secure-Deployment-Guide2 \u00a0(login required) for mitigations to the reported vulnerabilities. Specific sections to reference include Section 3.5 Projects and Section 4.2 CimView. \n\nFor more information about this issue, see the GE Digital Product Security Advisory https://digitalsupport.ge.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-22-06 \u00a0(login required). \n\nFor further questions, users should contact GE https://digitalsupport.ge.com/communities/CC_Contact . \n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GE CIMPLICITY Heap-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-2948",
"datePublished": "2022-12-07T22:58:15.094Z",
"dateReserved": "2022-08-22T19:29:24.599Z",
"dateUpdated": "2025-04-16T17:41:36.455Z",
"requesterUserId": "548e5310-2409-4eaf-9220-2910d23bb95a",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}