Search criteria
2 vulnerabilities found for Proficy HMI/SCADA–CIMPLICITY by GE
CVE-2014-2355 (GCVE-0-2014-2355)
Vulnerability from cvelistv5 – Published: 2015-01-17 02:00 – Updated: 2025-10-03 17:01
VLAI?
Title
GE Proficy HMI/SCADA CIMPLICITY CimView
Summary
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | Proficy HMI/SCADA–CIMPLICITY |
Affected:
0 , ≤ 8.2
(custom)
|
Credits
Said Arfi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy HMI/SCADA\u2013CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Said Arfi"
}
],
"datePublic": "2015-01-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.\u003c/p\u003e"
}
],
"value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:01:02.978Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\u003c/p\u003e\u003cp\u003eProficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4219\"\u003ehttp://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4219\u003c/a\u003e\u003c/p\u003e\u003cp\u003eProficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4197\"\u003ehttp://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4197\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\n\nProficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel\u0026id=DN4219 \n\nProficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel\u0026id=DN4197"
}
],
"source": {
"advisory": "ICSA-14-289-02",
"discovery": "EXTERNAL"
},
"title": "GE Proficy HMI/SCADA CIMPLICITY CimView",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTake steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\u003c/li\u003e\n\u003cli\u003eAvoid using .CIM files received from unknown sources.\u003c/li\u003e\n\u003cli\u003eAvoid sending unprotected .CIM files over unencrypted networks or public Internet.\u003c/li\u003e\n\u003cli\u003eConsider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\n\n\n\n * Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\n\n * Avoid using .CIM files received from unknown sources.\n\n * Avoid sending unprotected .CIM files over unencrypted networks or public Internet.\n\n * Consider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2355",
"datePublished": "2015-01-17T02:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T17:01:02.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2355 (GCVE-0-2014-2355)
Vulnerability from nvd – Published: 2015-01-17 02:00 – Updated: 2025-10-03 17:01
VLAI?
Title
GE Proficy HMI/SCADA CIMPLICITY CimView
Summary
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | Proficy HMI/SCADA–CIMPLICITY |
Affected:
0 , ≤ 8.2
(custom)
|
Credits
Said Arfi
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy HMI/SCADA\u2013CIMPLICITY",
"vendor": "GE",
"versions": [
{
"lessThanOrEqual": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Said Arfi"
}
],
"datePublic": "2015-01-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.\u003c/p\u003e"
}
],
"value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:01:02.978Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\u003c/p\u003e\u003cp\u003eProficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4219\"\u003ehttp://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4219\u003c/a\u003e\u003c/p\u003e\u003cp\u003eProficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4197\"\u003ehttp://support.ge-ip.com/support/index?page=dwchannel\u0026amp;id=DN4197\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\n\nProficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel\u0026id=DN4219 \n\nProficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel\u0026id=DN4197"
}
],
"source": {
"advisory": "ICSA-14-289-02",
"discovery": "EXTERNAL"
},
"title": "GE Proficy HMI/SCADA CIMPLICITY CimView",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eTake steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\u003c/li\u003e\n\u003cli\u003eAvoid using .CIM files received from unknown sources.\u003c/li\u003e\n\u003cli\u003eAvoid sending unprotected .CIM files over unencrypted networks or public Internet.\u003c/li\u003e\n\u003cli\u003eConsider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\n\n\n\n * Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\n\n * Avoid using .CIM files received from unknown sources.\n\n * Avoid sending unprotected .CIM files over unencrypted networks or public Internet.\n\n * Consider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2355",
"datePublished": "2015-01-17T02:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T17:01:02.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}