Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    299 vulnerabilities by GE

    CVE-2024-6098 (GCVE-0-2024-6098)

    Vulnerability from nvd – Published: 2024-08-16 14:57 – Updated: 2024-08-19 17:32
    VLAI
    Title
    PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
    Summary
    When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Credits
    Sharon Brizinov and Vera Mens of Claroty Research - Team82 reported this vulnerability to PTC.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:32:29.303502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:32:48.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Kepware ThingWorx Kepware Server",
              "vendor": "PTC",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Kepware KEPServerEX",
              "vendor": "PTC",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TOP Server",
              "vendor": "Software Toolbox",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.6x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sharon Brizinov and Vera Mens of Claroty Research - Team82 reported this vulnerability to PTC."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When performing an online tag generation to devices which communicate \nusing the ControlLogix protocol, a machine-in-the-middle, or a device \nthat is not configured correctly, could deliver a response leading to \nunrestricted or unregulated resource allocation. This could cause a \ndenial-of-service condition and crash the Kepware application. By \ndefault, these functions are turned off, yet they remain accessible for \nusers who recognize and require their advantages."
                }
              ],
              "value": "When performing an online tag generation to devices which communicate \nusing the ControlLogix protocol, a machine-in-the-middle, or a device \nthat is not configured correctly, could deliver a response leading to \nunrestricted or unregulated resource allocation. This could cause a \ndenial-of-service condition and crash the Kepware application. By \ndefault, these functions are turned off, yet they remain accessible for \nusers who recognize and require their advantages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-16T14:57:51.023Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-11"
            },
            {
              "url": "https://www.ptc.com/en/support/article/CS423892"
            }
          ],
          "source": {
            "advisory": "ICSA-24-228-11",
            "discovery": "EXTERNAL"
          },
          "title": "PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PTC recommends users take a defense-in-depth stance with regards to \ntheir manufacturing networks ensuring proper access control is \nmaintained. Additionally, proper adherence to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/support/-/media/support/refdocs/ThingWorx_Kepware_Server/6,-d-,16/secure_deployment_guide_tks.pdf?sc_lang=en\u0026amp;source=search\"\u003eKepware Secure Deployment Guide\u003c/a\u003e\u003cp\u003e will minimize this threat through accurate configuration and use of the product.\u003c/p\u003e\n\u003cp\u003ePlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS423892\"\u003ethis article (login required)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e for specific information on how this risk may be mitigated in your environment.\u003c/p\u003e\n\u003cp\u003eIf additional questions remain, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "PTC recommends users take a defense-in-depth stance with regards to \ntheir manufacturing networks ensuring proper access control is \nmaintained. Additionally, proper adherence to the  Kepware Secure Deployment Guide https://www.ptc.com/support/-/media/support/refdocs/ThingWorx_Kepware_Server/6,-d-,16/secure_deployment_guide_tks.pdf  will minimize this threat through accurate configuration and use of the product.\n\n\nPlease refer to  this article (login required) https://www.ptc.com/en/support/article/CS423892 \n\n for specific information on how this risk may be mitigated in your environment.\n\n\nIf additional questions remain, contact  PTC Technical Support. https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-6098",
        "datePublished": "2024-08-16T14:57:51.023Z",
        "dateReserved": "2024-06-17T21:40:20.832Z",
        "dateUpdated": "2024-08-19T17:32:48.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-6098 (GCVE-0-2024-6098)

    Vulnerability from cvelistv5 – Published: 2024-08-16 14:57 – Updated: 2024-08-19 17:32
    VLAI
    Title
    PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling
    Summary
    When performing an online tag generation to devices which communicate using the ControlLogix protocol, a machine-in-the-middle, or a device that is not configured correctly, could deliver a response leading to unrestricted or unregulated resource allocation. This could cause a denial-of-service condition and crash the Kepware application. By default, these functions are turned off, yet they remain accessible for users who recognize and require their advantages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Credits
    Sharon Brizinov and Vera Mens of Claroty Research - Team82 reported this vulnerability to PTC.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6098",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-19T17:32:29.303502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-19T17:32:48.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Kepware ThingWorx Kepware Server",
              "vendor": "PTC",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Kepware KEPServerEX",
              "vendor": "PTC",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TOP Server",
              "vendor": "Software Toolbox",
              "versions": [
                {
                  "status": "affected",
                  "version": "V6"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "IGS",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "V7.6x"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Sharon Brizinov and Vera Mens of Claroty Research - Team82 reported this vulnerability to PTC."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When performing an online tag generation to devices which communicate \nusing the ControlLogix protocol, a machine-in-the-middle, or a device \nthat is not configured correctly, could deliver a response leading to \nunrestricted or unregulated resource allocation. This could cause a \ndenial-of-service condition and crash the Kepware application. By \ndefault, these functions are turned off, yet they remain accessible for \nusers who recognize and require their advantages."
                }
              ],
              "value": "When performing an online tag generation to devices which communicate \nusing the ControlLogix protocol, a machine-in-the-middle, or a device \nthat is not configured correctly, could deliver a response leading to \nunrestricted or unregulated resource allocation. This could cause a \ndenial-of-service condition and crash the Kepware application. By \ndefault, these functions are turned off, yet they remain accessible for \nusers who recognize and require their advantages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "ADJACENT",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-16T14:57:51.023Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-11"
            },
            {
              "url": "https://www.ptc.com/en/support/article/CS423892"
            }
          ],
          "source": {
            "advisory": "ICSA-24-228-11",
            "discovery": "EXTERNAL"
          },
          "title": "PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PTC recommends users take a defense-in-depth stance with regards to \ntheir manufacturing networks ensuring proper access control is \nmaintained. Additionally, proper adherence to the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/support/-/media/support/refdocs/ThingWorx_Kepware_Server/6,-d-,16/secure_deployment_guide_tks.pdf?sc_lang=en\u0026amp;source=search\"\u003eKepware Secure Deployment Guide\u003c/a\u003e\u003cp\u003e will minimize this threat through accurate configuration and use of the product.\u003c/p\u003e\n\u003cp\u003ePlease refer to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ptc.com/en/support/article/CS423892\"\u003ethis article (login required)\u003c/a\u003e\u003c/p\u003e\u003cp\u003e for specific information on how this risk may be mitigated in your environment.\u003c/p\u003e\n\u003cp\u003eIf additional questions remain, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log?\"\u003ePTC Technical Support.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "PTC recommends users take a defense-in-depth stance with regards to \ntheir manufacturing networks ensuring proper access control is \nmaintained. Additionally, proper adherence to the  Kepware Secure Deployment Guide https://www.ptc.com/support/-/media/support/refdocs/ThingWorx_Kepware_Server/6,-d-,16/secure_deployment_guide_tks.pdf  will minimize this threat through accurate configuration and use of the product.\n\n\nPlease refer to  this article (login required) https://www.ptc.com/en/support/article/CS423892 \n\n for specific information on how this risk may be mitigated in your environment.\n\n\nIf additional questions remain, contact  PTC Technical Support. https://support.ptc.com/apps/case_logger_viewer/cs/auth/ssl/log"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2024-6098",
        "datePublished": "2024-08-16T14:57:51.023Z",
        "dateReserved": "2024-06-17T21:40:20.832Z",
        "dateUpdated": "2024-08-19T17:32:48.721Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-200801-0247

    Vulnerability from variot - Updated: 2024-03-02 23:20

    GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. GE Fanuc Proficy Information Portal , the authentication information is sent in clear text. The attacker obtains authentication information by intercepting this communication, Portal may be invaded. GE Fanuc Proficy Information Portal is a web-based system status reporting system that connects production information systems and inter-company networks and handles data such as production information in an integrated manner online. this Proficy Information Portal Because the credentials are sent in clear text, it is possible for an attacker to intercept this communication and obtain the credentials.Credentials may be obtained by an attacker who can intercept communications. Information obtained may lead to further attacks. Background

    GE-Fanuc's Proficy Information Portal 2.6 is a web based reporting application for the SCADA environment. As such it will usually be installed in a buffer zone between the SCADA and the corporate network, which makes it a very sensitive application as it can access both networks.

    Description

    The login process of Proficy involves sending the username in cleartext and the password in Base64 encoded format.

    Workaround/Fix

    The vendor issued a KB article on how to resolve this vulnerability at the GE-Fanuc website, yet the proposed solution was not verified by C4.

    Additional Information

    For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174

    Credit

    This vulnerability was discovered by Eyal Udassin of C4.

    Regards,

    Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel eyal.udassin@c4-security.com / www.c4-security.com http://www.c4-security.com/ +972-547-684989

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0247",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proficy real-time information portal",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ge fanuc",
            "version": null
          },
          {
            "model": "proficy real-time information portal",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ge fanuc",
            "version": "2.6  and earlier"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge fanuc",
            "version": null
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc",
            "version": "2.6"
          },
          {
            "model": "fanuc proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "proficy real time information portal",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge_fanuc:proficy_real-time_information_portal:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.6",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "C4",
        "sources": [
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2008-0174",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2008-0174",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "0642781e-2352-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2008-0174",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2008-0174",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#180876",
                "trust": 0.8,
                "value": "0.17"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200801-408",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "0642781e-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. GE Fanuc Proficy Information Portal , the authentication information is sent in clear text. The attacker obtains authentication information by intercepting this communication, Portal may be invaded. GE Fanuc Proficy Information Portal is a web-based system status reporting system that connects production information systems and inter-company networks and handles data such as production information in an integrated manner online. this Proficy Information Portal Because the credentials are sent in clear text, it is possible for an attacker to intercept this communication and obtain the credentials.Credentials may be obtained by an attacker who can intercept communications. Information obtained may lead to further attacks. Background\n-----------------\nGE-Fanuc\u0027s Proficy Information Portal 2.6 is a web based reporting\napplication for the SCADA environment. As such it will usually be installed\nin a buffer zone between the SCADA and the corporate network, which makes it\na very sensitive application as it can access both networks. \n \nDescription\n----------------\nThe login process of Proficy involves sending the username in cleartext and\nthe password in Base64 encoded format. \n \nWorkaround/Fix\n-----------------------\nThe vendor issued a KB article on how to resolve this vulnerability at the\nGE-Fanuc website, yet the proposed solution was not verified by C4. \n \nAdditional Information\n-------------------------------\nFor additional information please contact us at info@c4-security.com. Note\nthat we will respond only to verified utility personnel and governmental\nagencies. \nThe CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174\n \nCredit\n---------\nThis vulnerability was discovered by Eyal Udassin of C4. \n \nRegards,\n \nEyal Udassin - C4 (Formerly Swift Coders)\n33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel\neyal.udassin@c4-security.com / www.c4-security.com\n\u003chttp://www.c4-security.com/\u003e \n+972-547-684989\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "63006"
          }
        ],
        "trust": 2.88
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-0174",
            "trust": 3.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876",
            "trust": 2.6
          },
          {
            "db": "SECTRACK",
            "id": "1019273",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "30754",
            "trust": 1.9
          },
          {
            "db": "SREASON",
            "id": "3590",
            "trust": 1.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408",
            "trust": 0.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "6921",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20080129 RE: C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 AUTHENTICATION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20080125 C4 SECURITY ADVISORY - GE FANUC PROFICY INFORMATION PORTAL 2.6 AUTHENTICATION VULNERABILITY",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "0642781E-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "63006",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "PACKETSTORM",
            "id": "63006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "id": "VAR-200801-0247",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 0.5820513
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          }
        ]
      },
      "last_update_date": "2024-03-02T23:20:39.974000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "KB12459 GE\u00a0Fanuc",
            "trust": 0.8,
            "url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12459"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-312",
            "trust": 1.0
          },
          {
            "problemtype": "Plaintext storage of important information (CWE-312) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12459"
          },
          {
            "trust": 2.4,
            "url": "http://securitytracker.com/id?1019273"
          },
          {
            "trust": 1.8,
            "url": "http://www.kb.cert.org/vuls/id/180876"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/30754"
          },
          {
            "trust": 1.6,
            "url": "http://securityreason.com/securityalert/3590"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/487075/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/487244/100/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/487075/30/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://support.microsoft.com/kb/324274"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/iis/36ea667e-c578-43b5-87fa-a2f174efb27a.mspx"
          },
          {
            "trust": 0.8,
            "url": "http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/iis/523ae943-5e6a-4200-9103-9808baa00157.mspx"
          },
          {
            "trust": 0.8,
            "url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
          },
          {
            "trust": 0.8,
            "url": "http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/sslinfo.html"
          },
          {
            "trust": 0.8,
            "url": "http://java.sun.com/j2se/1.5.0/docs/guide/rmi/socketfactory/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://www.digitalmunition.com/hooked_on_fanucs.rb"
          },
          {
            "trust": 0.8,
            "url": "http://www.digitalmunition.com/rtipsniff.rb"
          },
          {
            "trust": 0.8,
            "url": "http://www.milw0rm.com/exploits/6921"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23180876/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0174"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/487075/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/487244/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.gefanuc.com/as_en/products_solutions/production_management/products/proficy_portal.html"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/487075"
          },
          {
            "trust": 0.1,
            "url": "http://www.c4-security.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0174"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "PACKETSTORM",
            "id": "63006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "db": "BID",
            "id": "30754"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "db": "PACKETSTORM",
            "id": "63006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-01-28T00:00:00",
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2008-01-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "date": "2008-01-25T00:00:00",
            "db": "BID",
            "id": "30754"
          },
          {
            "date": "2008-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "date": "2008-01-26T00:14:33",
            "db": "PACKETSTORM",
            "id": "63006"
          },
          {
            "date": "2008-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "date": "2008-01-29T02:00:00",
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-11-13T00:00:00",
            "db": "CERT/CC",
            "id": "VU#180876"
          },
          {
            "date": "2008-11-10T16:45:00",
            "db": "BID",
            "id": "30754"
          },
          {
            "date": "2024-03-01T04:50:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001053"
          },
          {
            "date": "2008-09-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          },
          {
            "date": "2024-02-14T15:31:48.540000",
            "db": "NVD",
            "id": "CVE-2008-0174"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Fanuc Proficy Real-Time Information Portal Sensitive Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "0642781e-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-408"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202202-0307

    Vulnerability from variot - Updated: 2023-12-21 22:02

    The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. GE Digital Provided by the company HMI and SCADA Is a platform Proficy CIMPLICITY There is a vulnerability in plaintext communication of sensitive information ( CWE-319 , CVE-2022-21798 ) Exists. CIMPLICITY Authentication information is communicated in clear text on the network.Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client (server)-based HMI (SCADA) solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, realizing process, equipment, Operational visualization of resource monitoring.

    There is an information leakage vulnerability in GEProficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202202-0307",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "*"
          },
          {
            "model": "proficy cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge \u30c7\u30b8\u30bf\u30eb",
            "version": "all  s"
          },
          {
            "model": "proficy cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge \u30c7\u30b8\u30bf\u30eb",
            "version": null
          },
          {
            "model": "proficy cimplicity",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Users are advised to refer to the",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2022-21798",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2023-98795",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-001376",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-21798",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2022-21798",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-001376",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2023-98795",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202202-1761",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. GE Digital Provided by the company  HMI and  SCADA Is a platform  Proficy CIMPLICITY There is a vulnerability in plaintext communication of sensitive information ( CWE-319 , CVE-2022-21798 ) Exists. CIMPLICITY Authentication information is communicated in clear text on the network.Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client (server)-based HMI (SCADA) solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, realizing process, equipment, Operational visualization of resource monitoring. \n\r\n\r\nThere is an information leakage vulnerability in GEProficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2022-21798",
            "trust": 3.0
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-22-053-02",
            "trust": 2.4
          },
          {
            "db": "JVN",
            "id": "JVNVU96846804",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2022.0787",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2022022305",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "id": "VAR-202202-0307",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          }
        ],
        "trust": 1.2
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          }
        ]
      },
      "last_update_date": "2023-12-21T22:02:59.477000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Secure\u00a0Deployment\u00a0Guide (Login required)  GE\u00a0Digital",
            "trust": 0.8,
            "url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdocumentation%2fifix-secure-deployment-guide"
          },
          {
            "title": "Patch for GE Proficy CIMPLICITY information leakage vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/358056"
          },
          {
            "title": "General Electric Proficy Cimplicity Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185279"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-319",
            "trust": 1.0
          },
          {
            "problemtype": "Sending important information in clear text (CWE-319) [ Other ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02"
          },
          {
            "trust": 1.2,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21798"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96846804/"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-21798/"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2022022305"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2022.0787"
          },
          {
            "trust": 0.6,
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-10-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "date": "2022-02-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "date": "2022-02-25T19:15:23.723000",
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "date": "2022-02-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-12-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2023-98795"
          },
          {
            "date": "2022-02-28T07:33:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          },
          {
            "date": "2022-03-08T15:38:39.317000",
            "db": "NVD",
            "id": "CVE-2022-21798"
          },
          {
            "date": "2022-03-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE\u00a0Digital\u00a0 Made \u00a0Proficy\u00a0CIMPLICITY\u00a0 Vulnerability of plaintext communication of sensitive information in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-001376"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202202-1761"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200801-0249

    Vulnerability from variot - Updated: 2023-12-18 14:06

    Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. GE Fanuc CIMPLICITY HMI Contains a heap buffer overflow vulnerability. GE Fanuc CIMPLICITY HMI Is a product used for monitoring and controlling production information systems. this CIMPLICITY Network service processes (w32rtr.exe) Contains a heap buffer overflow vulnerability on both the server and the client. Attackers have this vulnerability CIMPLICITY HMI This vulnerability could be exploited by sending crafted packets to the system.Arbitrary code execution or denial of service by a remote attacker (DoS) There is a possibility of being attacked.

    GE Fanuc CIMPLICITY has a vulnerability in processing malformed requests. Remote attackers could use this vulnerability to control servers. An attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions. Versions prior to CIMPLICITY 7.0 SIM 9 are vulnerable.


    A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

    Download and test it today: https://psi.secunia.com/

    Read more about this new version: https://psi.secunia.com/?page=changelog


    TITLE: Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow

    SECUNIA ADVISORY ID: SA28663

    VERIFY ADVISORY: http://secunia.com/advisories/28663/

    CRITICAL: Moderately critical

    IMPACT: DoS, System access

    WHERE:

    From local network

    SOFTWARE: Proficy HMI/SCADA - CIMPLICITY 6.x http://secunia.com/product/11105/ Proficy HMI/SCADA - CIMPLICITY 7.x http://secunia.com/product/17337/

    DESCRIPTION: Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in w32rtr.exe when processing packets and can be exploited to cause a heap-based buffer overflow by sending a specially-crafted packet to default port 32000/TCP.

    The vulnerability is reported in version 6.1.

    SOLUTION: Apply hotfixes. Please see the vendor's advisory for details.

    • CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106
    • CIMPLICITY 7.0 SIM 9

    PROVIDED AND/OR DISCOVERED BY: Eyal Udassin, C4 Security

    ORIGINAL ADVISORY: GE Fanuc (KB12458): http://support.gefanuc.com/support/index?page=kbchannel&id=KB12458

    C4 Security (via BugTraq): http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html

    OTHER REFERENCES: US-CERT VU#308556: http://www.kb.cert.org/vuls/id/308556


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    . Background

    Vendor product information: CIMPLICITY is a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for the collection, monitoring, supervisory control and sharing of critical process and production data throughout your operations CIMPLICITY has been used in all industries -- from process to discrete, to system monitoring. It is extremely well suited for discrete applications, and handles very large amounts of digital signals and alarm bursts. Its advanced Client/Sever architecture makes it easy to start small and expand your system. The description of the vulnerability is intentionally limited as this software controls critical national infrastructure.

    Impact

    An attacker can compromise the Cimplicity 6.1 control server, and each of the operator workstations.

    Workaround/Fix

    The vendor issued a hotfix to resolve this vulnerability

    Additional Information

    For additional information please contact us at info@c4-security.com. Note that we will respond only to verified utility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0176

    Credit

    This vulnerability was discovered and exploited by Gilad Bakas and Eyal Udassin of C4.

    Regards,

    Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel eyal.udassin@c4-security.com / www.c4-security.com http://www.c4-security.com/ +972-547-684989

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200801-0249",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge fanuc",
            "version": "7.0_sim8"
          },
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge fanuc",
            "version": "6.1_sp6_hf_010708_162517_6106"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.8,
            "vendor": "cimplicity",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "ge fanuc",
            "version": null
          },
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "ge fanuc",
            "version": "7.0"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.6,
            "vendor": "none",
            "version": null
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc",
            "version": "6.1_sp6_hf_010708_162517_6106"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc",
            "version": "7.0_sim8"
          },
          {
            "model": "fanuc cimplicity sim8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "7.0"
          },
          {
            "model": "fanuc cimplicity sim7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "7.0"
          },
          {
            "model": "fanuc cimplicity sp6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "6.1"
          },
          {
            "model": "fanuc cimplicity sp5",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "6.1"
          },
          {
            "model": "fanuc cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "6.1"
          },
          {
            "model": "fanuc cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "6.0"
          },
          {
            "model": "fanuc cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "0"
          },
          {
            "model": "fanuc cimplicity sim9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ge",
            "version": "7.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge_fanuc:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.1_sp6_hf_010708_162517_6106",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge_fanuc:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.0_sim8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Douglas A. Stewart of CERT as well as Gilad Bakas and Eyal Udassin of C4 are credited with the discovery of this vulnerability.",
        "sources": [
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2008-0176",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2008-0176",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "067d2766-2352-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7d7ae201-463f-11e9-819f-000c29342cb1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2008-0176",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CARNEGIE MELLON",
                "id": "VU#308556",
                "trust": 0.8,
                "value": "3.01"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200801-410",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "067d2766-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7d7ae201-463f-11e9-819f-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors. GE Fanuc CIMPLICITY HMI Contains a heap buffer overflow vulnerability. GE Fanuc CIMPLICITY HMI Is a product used for monitoring and controlling production information systems. this CIMPLICITY Network service processes (w32rtr.exe) Contains a heap buffer overflow vulnerability on both the server and the client. Attackers have this vulnerability CIMPLICITY HMI This vulnerability could be exploited by sending crafted packets to the system.Arbitrary code execution or denial of service by a remote attacker (DoS) There is a possibility of being attacked. \n\n\u00a0GE Fanuc CIMPLICITY has a vulnerability in processing malformed requests. Remote attackers could use this vulnerability to control servers. \nAn attacker can exploit this issue to execute arbitrary code or cause denial-of-service conditions. \nVersions prior to CIMPLICITY 7.0 SIM 9 are vulnerable. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer\nOverflow\n\nSECUNIA ADVISORY ID:\nSA28663\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28663/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nProficy HMI/SCADA - CIMPLICITY 6.x\nhttp://secunia.com/product/11105/\nProficy HMI/SCADA - CIMPLICITY 7.x\nhttp://secunia.com/product/17337/\n\nDESCRIPTION:\nEyal Udassin has reported a vulnerability in Proficy HMI/SCADA -\nCIMPLICITY, which can be exploited by malicious people to cause a DoS\n(Denial of Service) or compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error in w32rtr.exe\nwhen processing packets and can be exploited to cause a heap-based\nbuffer overflow by sending a specially-crafted packet to default port\n32000/TCP. \n\nThe vulnerability is reported in version 6.1. \n\nSOLUTION:\nApply hotfixes. Please see the vendor\u0027s advisory for details. \n\n* CIMPLICITY 6.1 SP6 Hot Fix - 010708_162517_6106\n* CIMPLICITY 7.0 SIM 9\n\nPROVIDED AND/OR DISCOVERED BY:\nEyal Udassin, C4 Security\n\nORIGINAL ADVISORY:\nGE Fanuc (KB12458):\nhttp://support.gefanuc.com/support/index?page=kbchannel\u0026id=KB12458\n\nC4 Security (via BugTraq):\nhttp://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html\n\nOTHER REFERENCES:\nUS-CERT VU#308556:\nhttp://www.kb.cert.org/vuls/id/308556\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Background\n-----------------\nVendor product information:\nCIMPLICITY is a powerful and technically advanced HMI/SCADA product. With\nits open system design approach, true client/server architecture, and the\nlatest web technologies, CIMPLICITY allows you to realize the benefits of\ndigitization for the collection, monitoring, supervisory control and sharing\nof critical process and production data throughout your operations\nCIMPLICITY has been used in all industries -- from process to discrete, to\nsystem monitoring. It is extremely well suited for discrete applications,\nand handles very large amounts of digital signals and alarm bursts. Its\nadvanced Client/Sever architecture makes it easy to start small and expand\nyour system. \nThe description of the vulnerability is intentionally limited as this\nsoftware controls critical national infrastructure. \n \nImpact\n----------\nAn attacker can compromise the Cimplicity 6.1 control server, and each of\nthe operator workstations. \n \nWorkaround/Fix\n-----------------------\nThe vendor issued a hotfix to resolve this vulnerability \n \nAdditional Information\n-------------------------------\nFor additional information please contact us at info@c4-security.com. Note\nthat we will respond only to verified utility personnel and governmental\nagencies. \nThe CVE identifier assigned to this vulnerability by CERT is CVE-2008-0176\n \nCredit\n--------\nThis vulnerability was discovered and exploited by Gilad Bakas and Eyal\nUdassin of C4. \n \nRegards,\n \nEyal Udassin - C4 (Formerly Swift Coders)\n33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel\neyal.udassin@c4-security.com / www.c4-security.com\n\u003chttp://www.c4-security.com/\u003e \n+972-547-684989\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "PACKETSTORM",
            "id": "63057"
          },
          {
            "db": "PACKETSTORM",
            "id": "63004"
          }
        ],
        "trust": 3.69
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2008-0176",
            "trust": 3.8
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "27447",
            "trust": 2.7
          },
          {
            "db": "SECUNIA",
            "id": "28663",
            "trust": 2.6
          },
          {
            "db": "SECTRACK",
            "id": "1019275",
            "trust": 2.4
          },
          {
            "db": "SREASON",
            "id": "3592",
            "trust": 1.6
          },
          {
            "db": "VUPEN",
            "id": "ADV-2008-0306",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434",
            "trust": 1.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410",
            "trust": 1.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054",
            "trust": 0.8
          },
          {
            "db": "BUGTRAQ",
            "id": "20080125 C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "BUGTRAQ",
            "id": "20080129 RE: C4 SECURITY ADVISORY - GE FANUC CIMPLICITY 6.1 HEAP OVERFLOW",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "067D2766-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "7D7AE201-463F-11E9-819F-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "63057",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "63004",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "PACKETSTORM",
            "id": "63057"
          },
          {
            "db": "PACKETSTORM",
            "id": "63004"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "id": "VAR-200801-0249",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          }
        ],
        "trust": 0.1
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:06:41.655000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Securing Your HMI/SCADA Systems",
            "trust": 0.8,
            "url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
          },
          {
            "title": "KB12458",
            "trust": 0.8,
            "url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12458"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://support.gefanuc.com/support/index?page=kbchannel\u0026id=kb12458"
          },
          {
            "trust": 2.4,
            "url": "http://secunia.com/advisories/28663"
          },
          {
            "trust": 2.4,
            "url": "http://www.securityfocus.com/bid/27447"
          },
          {
            "trust": 2.4,
            "url": "http://www.securitytracker.com/id?1019275"
          },
          {
            "trust": 2.2,
            "url": "http://www.kb.cert.org/vuls/id/308556"
          },
          {
            "trust": 1.6,
            "url": "http://securityreason.com/securityalert/3592"
          },
          {
            "trust": 1.4,
            "url": "http://www.frsirt.com/english/advisories/2008/0306"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/487076/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/archive/1/487241/100/0/threaded"
          },
          {
            "trust": 1.0,
            "url": "http://www.vupen.com/english/advisories/2008/0306"
          },
          {
            "trust": 0.8,
            "url": "http://www.securityfocus.com/archive/1/487076/30/0/threaded"
          },
          {
            "trust": 0.8,
            "url": "http://www.gefanuc.com/as_en/gefanuc/resource_center/hmi_scada/hmiscada_security.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0176"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/cert/jvnvu%23308556/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0176"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/487076/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/487241/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.gefanuc.com/as_en/products_solutions/hmi_scada/products/proficy_cimplicity.html"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/487076"
          },
          {
            "trust": 0.3,
            "url": "/archive/1/487241"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "https://psi.secunia.com/?page=changelog"
          },
          {
            "trust": 0.1,
            "url": "https://psi.secunia.com/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/11105/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/28663/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/17337/"
          },
          {
            "trust": 0.1,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2008-01/0372.html"
          },
          {
            "trust": 0.1,
            "url": "http://www.c4-security.com/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0176"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "PACKETSTORM",
            "id": "63057"
          },
          {
            "db": "PACKETSTORM",
            "id": "63004"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "db": "BID",
            "id": "27447"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "db": "PACKETSTORM",
            "id": "63057"
          },
          {
            "db": "PACKETSTORM",
            "id": "63004"
          },
          {
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-01-24T00:00:00",
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2008-01-24T00:00:00",
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "date": "2008-01-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "date": "2008-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "date": "2008-01-24T00:00:00",
            "db": "BID",
            "id": "27447"
          },
          {
            "date": "2008-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "date": "2008-01-29T00:00:58",
            "db": "PACKETSTORM",
            "id": "63057"
          },
          {
            "date": "2008-01-26T00:10:20",
            "db": "PACKETSTORM",
            "id": "63004"
          },
          {
            "date": "2008-01-29T02:00:00",
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "date": "2008-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-01-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#308556"
          },
          {
            "date": "2008-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          },
          {
            "date": "2008-01-29T16:27:00",
            "db": "BID",
            "id": "27447"
          },
          {
            "date": "2008-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2008-001054"
          },
          {
            "date": "2018-10-15T21:58:25.670000",
            "db": "NVD",
            "id": "CVE-2008-0176"
          },
          {
            "date": "2008-09-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE-Fanuc CIMPLICITY w32rtr.exe Remote Heap Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2008-0434"
          }
        ],
        "trust": 1.0
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "067d2766-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "IVD",
            "id": "7d7ae201-463f-11e9-819f-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200801-410"
          }
        ],
        "trust": 1.0
      }
    }

    VAR-201805-1045

    Vulnerability from variot - Updated: 2023-12-18 14:01

    Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. Silex SD-320AN and GE MobileLink (GEH-SD-320AN) Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Silex SD-320AN is a serial device server from Japan's Silex Technology Corporation. GE MobileLink (GEH-SD-320AN) is a set of electrocardiogram analysis system of General Electric (GE). A remote attacker could use this vulnerability to execute code. The vulnerability stems from the fact that the program does not have correct filtering system call parameters

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-1045",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "geh-sd-320an",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "silextechnology",
            "version": "geh-1.1"
          },
          {
            "model": "sd-320an",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "silextechnology",
            "version": "2.01"
          },
          {
            "model": "geh-sd-320an",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "silex",
            "version": "1.1"
          },
          {
            "model": "sd-320an",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "silex",
            "version": "2.01"
          },
          {
            "model": "sd-320an",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "silex",
            "version": "\u003c=2.01"
          },
          {
            "model": "mobilelink \u003c=geh-1.1",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "sd-320an",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "silextechnology",
            "version": "2.01"
          },
          {
            "model": "geh-sd-320an",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "silextechnology",
            "version": "geh-1.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:silextechnology:sd-320an_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.01",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:silextechnology:sd-320an:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:silextechnology:geh-sd-320an_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "geh-1.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:silextechnology:geh-sd-320an:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          }
        ]
      },
      "cve": "CVE-2018-6021",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-6021",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-09554",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-136053",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.1,
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.4,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-6021",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-6021",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-09554",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-233",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-136053",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. Silex SD-320AN and GE MobileLink (GEH-SD-320AN) Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Silex SD-320AN is a serial device server from Japan\u0027s Silex Technology Corporation. GE MobileLink (GEH-SD-320AN) is a set of electrocardiogram analysis system of General Electric (GE). A remote attacker could use this vulnerability to execute code. The vulnerability stems from the fact that the program does not have correct filtering system call parameters",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSMA-18-128-01",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "id": "VAR-201805-1045",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          }
        ],
        "trust": 1.53333335
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:01:13.321000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
            "trust": 0.8,
            "url": "http://www.silex.jp/"
          },
          {
            "title": "Patch for Silex SD-320AN and GE MobileLink Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/129203"
          },
          {
            "title": "Silex SD-320AN  and GE MobileLink Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79912"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-128-01"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6021"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6021"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "date": "2018-05-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "date": "2018-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "date": "2018-05-09T21:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "date": "2018-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-09554"
          },
          {
            "date": "2018-06-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-136053"
          },
          {
            "date": "2018-06-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          },
          {
            "date": "2018-06-13T14:25:35.437000",
            "db": "NVD",
            "id": "CVE-2018-6021"
          },
          {
            "date": "2018-05-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Silex SD-320AN and  GE MobileLink In  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-004825"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-233"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202303-1316

    Vulnerability from variot - Updated: 2023-12-18 13:59

    GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202303-1316",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "6.5"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "6.1"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "2022"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:ifix:6.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:ifix:2022:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:ifix:6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          }
        ]
      },
      "cve": "CVE-2023-0598",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2023-0598",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2023-0598",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202303-1247",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nGE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0598"
          }
        ],
        "trust": 0.99
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-23-073-03",
            "trust": 1.7
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0598",
            "trust": 1.7
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.1564",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-0598",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-0598"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "id": "VAR-202303-1316",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.54761904
      },
      "last_update_date": "2023-12-18T13:59:12.877000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "https://digitalsupport.ge.com/s/article/ifix-secure-deployment-guide?language=en_us"
          },
          {
            "trust": 1.7,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.1564"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-0598/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-0598"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-0598"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-0598"
          },
          {
            "date": "2023-03-16T20:15:11.327000",
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "date": "2023-03-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-03-17T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-0598"
          },
          {
            "date": "2023-11-07T04:00:56.850000",
            "db": "NVD",
            "id": "CVE-2023-0598"
          },
          {
            "date": "2023-03-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE iFIX Code injection vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202303-1247"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201503-0371

    Vulnerability from variot - Updated: 2023-12-18 13:53

    The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0371",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hydran m2",
            "scope": null,
            "trust": 1.2,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "hydran m2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "*"
          },
          {
            "model": "hydran m2",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "electric hydran m2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "hydran m2",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "BID",
            "id": "73026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:hydran_m2:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech.",
        "sources": [
          {
            "db": "BID",
            "id": "73026"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-5409",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2014-5409",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-01827",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
                "impactScore": 4.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-5409",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-01827",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201503-323",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "BID",
            "id": "73026"
          },
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-5409",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-041-02",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "73026",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "9CA20A14-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "BID",
            "id": "73026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "id": "VAR-201503-0371",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          }
        ],
        "trust": 1.425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:53:18.752000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Hydran M2",
            "trust": 0.8,
            "url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
          },
          {
            "title": "GE Hydran M2 can guess patches for TCP initialization sequence vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/56375"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-041-02"
          },
          {
            "trust": 1.6,
            "url": "http://libraries.ge.com/download?fileid=642886573101\u0026entity_id=31955841101\u0026sid=101"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5409"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5409"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge.com/"
          },
          {
            "trust": 0.3,
            "url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "BID",
            "id": "73026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "db": "BID",
            "id": "73026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-19T00:00:00",
            "db": "IVD",
            "id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-03-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "date": "2015-03-10T00:00:00",
            "db": "BID",
            "id": "73026"
          },
          {
            "date": "2015-03-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "date": "2015-03-14T01:59:00.067000",
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "date": "2015-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-01827"
          },
          {
            "date": "2015-03-10T00:00:00",
            "db": "BID",
            "id": "73026"
          },
          {
            "date": "2015-03-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          },
          {
            "date": "2015-03-16T16:26:28.807000",
            "db": "NVD",
            "id": "CVE-2014-5409"
          },
          {
            "date": "2015-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201503-323"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Digital Energy Hydran M2 for  17046 Ethernet Vulnerability in a packet being spoofed",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007977"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Design Error",
        "sources": [
          {
            "db": "BID",
            "id": "73026"
          }
        ],
        "trust": 0.3
      }
    }

    VAR-201810-0464

    Vulnerability from variot - Updated: 2023-12-18 13:52

    Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. GE iFIX Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iFIX is an intelligent hardware and software solution from GE Intelligent Platforms (GE-IP). There is a security hole in the Gigasoft component in GEiFix. An attacker could exploit the vulnerability to perform unauthorized operations. General Electric iFix is prone to an unspecified local security vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0464",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ifix",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "2.0"
          },
          {
            "model": "ifix",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "5.8"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge",
            "version": "5.8"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "2.0 to  5.8"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "5.5"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "2.0"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "5.0"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "5.1"
          },
          {
            "model": "electric ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.8"
          },
          {
            "model": "electric ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.5"
          },
          {
            "model": "electric ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.1"
          },
          {
            "model": "electric ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.0"
          },
          {
            "model": "electric ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "2.0"
          },
          {
            "model": "electric ifix",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.9"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ge",
            "version": "5.5*"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ge",
            "version": "2.0*"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ge",
            "version": "5.0*"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ge",
            "version": "5.1*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.8",
                    "versionStartIncluding": "2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "LiMingzheng of 360 aegis.",
        "sources": [
          {
            "db": "BID",
            "id": "105540"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-17925",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-17925",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2018-21170",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "7d85694f-463f-11e9-a62b-000c29342cb1",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.3,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-17925",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-17925",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21170",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-510",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7d85694f-463f-11e9-a62b-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. GE iFIX Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iFIX is an intelligent hardware and software solution from GE Intelligent Platforms (GE-IP). There is a security hole in the Gigasoft component in GEiFix. An attacker could exploit the vulnerability to perform unauthorized operations. General Electric iFix is prone to an unspecified local security vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17925",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-282-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105540",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "7D85694F-463F-11E9-A62B-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "id": "VAR-201810-0464",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          }
        ],
        "trust": 1.34761904
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:32.202000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://digitalsupport.ge.com/communities/cc_home"
          },
          {
            "title": "GEiFix does not authorize patches for operating vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/142387"
          },
          {
            "title": "GE iFIX Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86165"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-282-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105540"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17925"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17925"
          },
          {
            "trust": 0.3,
            "url": "https://www.ge.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-18T00:00:00",
            "db": "IVD",
            "id": "7d85694f-463f-11e9-a62b-000c29342cb1"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "BID",
            "id": "105540"
          },
          {
            "date": "2019-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "date": "2018-10-10T17:29:04.297000",
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "date": "2018-10-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21170"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "BID",
            "id": "105540"
          },
          {
            "date": "2019-01-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          },
          {
            "date": "2019-10-09T23:37:04.537000",
            "db": "NVD",
            "id": "CVE-2018-17925"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "105540"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE iFIX Cryptographic vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011235"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-510"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201301-0033

    Vulnerability from variot - Updated: 2023-12-18 13:49

    Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. GE Proficy HMI/SCADA-CIMPLICITY is software for monitoring and controlling scada devices. There are security vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY 4.01 and other versions. An attacker could exploit this vulnerability to compromise an affected application and deny service to legitimate users. GE Proficy HMI/SCADA-CIMPLICITY is prone to a remote denial-of-service vulnerability. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy HMI/SCADA - CIMPLICITY Web Server Integer Overflow Vulnerability

    SECUNIA ADVISORY ID: SA51789

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51789

    RELEASE DATE: 2013-01-09

    DISCUSS ADVISORY: http://secunia.com/advisories/51789/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51789/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51789

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: A vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an integer overflow error within the web server (CimWebServer.exe) when handling certain HTTP data and can be exploited to crash the web server.

    The vulnerability is reported in versions 8.0 and later.

    SOLUTION: Apply patches (please see vendor's advisory for details).

    PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Information and Communication Security Technology Center.

    ORIGINAL ADVISORY: GE: http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153

    ICS-CERT (ICSA-12-341-01): http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0033",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.0"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "7.5"
          },
          {
            "model": "intelligent platforms proficy process systems with cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.01"
          },
          {
            "model": "intelligent platforms proficy process systems",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.01 to  8.0"
          },
          {
            "model": "proficy hmi/scada-cimplicity",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": null
          },
          {
            "model": "proficy hmi/scada-cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "4.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "4.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "7.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:intelligent_platforms_proficy_process_systems:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kuang-Chun Hung of Information and Communication Security Technology Center",
        "sources": [
          {
            "db": "BID",
            "id": "57188"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2012-4689",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2012-4689",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "2204923e-2353-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-4689",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201301-121",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "2204923e-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. GE Proficy HMI/SCADA-CIMPLICITY is software for monitoring and controlling scada devices. There are security vulnerabilities in GE Proficy HMI/SCADA-CIMPLICITY 4.01 and other versions. An attacker could exploit this vulnerability to compromise an affected application and deny service to legitimate users. GE Proficy HMI/SCADA-CIMPLICITY is prone to a remote denial-of-service vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy HMI/SCADA - CIMPLICITY Web Server Integer Overflow\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA51789\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51789/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51789\n\nRELEASE DATE:\n2013-01-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51789/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51789/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51789\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Proficy HMI/SCADA - CIMPLICITY,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an integer overflow error within\nthe web server (CimWebServer.exe) when handling certain HTTP data and\ncan be exploited to crash the web server. \n\nThe vulnerability is reported in versions 8.0 and later. \n\nSOLUTION:\nApply patches (please see vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nICS-CERT credits Kuang-Chun Hung, Information and Communication\nSecurity Technology Center. \n\nORIGINAL ADVISORY:\nGE:\nhttp://support.ge-ip.com/support/index?page=kbchannel\u0026id=S:KB15153\n\nICS-CERT (ICSA-12-341-01):\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "BID",
            "id": "57188"
          },
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "119429"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-4689",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-341-01",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "57188",
            "trust": 1.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51789",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "2204923E-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "119429",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "BID",
            "id": "57188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "PACKETSTORM",
            "id": "119429"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "id": "VAR-201301-0033",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          }
        ],
        "trust": 1.4684981666666668
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:49:07.748000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Proficy HMI/SCADA - CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
          },
          {
            "title": "\u76e3\u8996\u5236\u5fa1\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2(SCADA) CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/cimpli-ta.html"
          },
          {
            "title": "GE Proficy HMI/SCADA CIMPLICITY Denial of Service Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/28671"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-189",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-341-01.pdf"
          },
          {
            "trust": 1.7,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15153"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4689"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4689"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57188http"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51789"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57188"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51789/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51789"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51789/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "PACKETSTORM",
            "id": "119429"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "BID",
            "id": "57188"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "db": "PACKETSTORM",
            "id": "119429"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-11T00:00:00",
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "date": "2012-12-06T00:00:00",
            "db": "BID",
            "id": "57188"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "date": "2013-01-10T07:53:28",
            "db": "PACKETSTORM",
            "id": "119429"
          },
          {
            "date": "2013-01-17T16:55:01.780000",
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "date": "2012-12-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "date": "2012-12-06T00:00:00",
            "db": "BID",
            "id": "57188"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001206"
          },
          {
            "date": "2013-01-29T05:00:00",
            "db": "NVD",
            "id": "CVE-2012-4689"
          },
          {
            "date": "2013-01-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy HMI/SCADA CIMPLICITY Denial of service vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "2204923e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00198"
          },
          {
            "db": "BID",
            "id": "57188"
          }
        ],
        "trust": 1.1
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "digital error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-121"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202004-2037

    Vulnerability from variot - Updated: 2023-12-18 13:47

    A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CIMPLICITY Inappropriate authority management vulnerabilities (CWE-269) Exists. GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE) of the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, and realize the operation visualization of process, equipment and resource monitoring

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202004-2037",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "10.0"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "10.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.6,
            "vendor": "cimplicity",
            "version": "*"
          },
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ge",
            "version": "\u003c=v10.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          }
        ]
      },
      "cve": "CVE-2020-6992",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-22318",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7da42928-7c08-4225-bfdf-8978c341a37a",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "6d889fac-0db2-48e3-982e-eac48e690731",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2020-6992",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "IPA score",
                "availabilityImpact": "High",
                "baseScore": 6.0,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2020-003278",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2020-6992",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2020-003278",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-22318",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202004-378",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7da42928-7c08-4225-bfdf-8978c341a37a",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "6d889fac-0db2-48e3-982e-eac48e690731",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2020-6992",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CIMPLICITY Inappropriate authority management vulnerabilities (CWE-269) Exists. GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE) of the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, and realize the operation visualization of process, equipment and resource monitoring",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-6992",
            "trust": 3.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-098-02",
            "trust": 3.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378",
            "trust": 1.2
          },
          {
            "db": "JVN",
            "id": "JVNVU95253418",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.1252",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "47765",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "7DA42928-7C08-4225-BFDF-8978C341A37A",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "5BCAC29D-8726-4410-B55B-BF233B8AAEAF",
            "trust": 0.2
          },
          {
            "db": "IVD",
            "id": "6D889FAC-0DB2-48E3-982E-EAC48E690731",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "id": "VAR-202004-2037",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          }
        ],
        "trust": 0.12
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 1.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:47:31.928000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Customer Center",
            "trust": 0.8,
            "url": "https://digitalsupport.ge.com/communities/cc_contact"
          },
          {
            "title": "Patch for GE CIMPLICITY permission elevation vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/213375"
          },
          {
            "title": "GE CIMPLICITY Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115598"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/jianmingguo/sicsp_ics "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-269",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.7,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-098-02"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6992"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu95253418/"
          },
          {
            "trust": 0.6,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6992"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47765"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.1252/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/269.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/jianmingguo/sicsp_ics"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-07T00:00:00",
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "date": "2020-04-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "date": "2020-04-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "date": "2020-04-15T17:15:14.953000",
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "date": "2020-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-04-12T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-22318"
          },
          {
            "date": "2020-04-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2020-6992"
          },
          {
            "date": "2020-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          },
          {
            "date": "2020-04-22T17:21:43.147000",
            "db": "NVD",
            "id": "CVE-2020-6992"
          },
          {
            "date": "2020-08-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Digital Made  CIMPLICITY Improper authority management vulnerabilities in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-003278"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "IVD",
            "id": "7da42928-7c08-4225-bfdf-8978c341a37a"
          },
          {
            "db": "IVD",
            "id": "5bcac29d-8726-4410-b55b-bf233b8aaeaf"
          },
          {
            "db": "IVD",
            "id": "6d889fac-0db2-48e3-982e-eac48e690731"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202004-378"
          }
        ],
        "trust": 1.2
      }
    }

    VAR-201301-0370

    Vulnerability from variot - Updated: 2023-12-18 13:44

    GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy Real-Time Information Portal Two Information Disclosure Security Issues

    SECUNIA ADVISORY ID: SA51746

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51746

    RELEASE DATE: 2013-01-23

    DISCUSS ADVISORY: http://secunia.com/advisories/51746/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51746/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51746

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two security issues have been reported in Proficy Real-Time Information Portal, which can be exploited by malicious people to disclose certain sensitive information.

    1) The application provides unrestricted access to certain files and directories, which can be exploited to e.g. retrieve configuration files.

    The security issues are reported in all supported versions.

    SOLUTION: Apply updates (please see the vendor's advisory for details).

    Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

    ORIGINAL ADVISORY: ICSA-13-022-01: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0370",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.0"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "2.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "2.6"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.5"
          },
          {
            "model": "proficy real-time information portal",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "2.6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported by the vendor.",
        "sources": [
          {
            "db": "BID",
            "id": "57506"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-0652",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2013-0652",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-0652",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201301-446",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. \nAttackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal Two Information Disclosure\nSecurity Issues\n\nSECUNIA ADVISORY ID:\nSA51746\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51746/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746\n\nRELEASE DATE:\n2013-01-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51746/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51746/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo security issues have been reported in Proficy Real-Time\nInformation Portal, which can be exploited by malicious people to\ndisclose certain sensitive information. \n\n1) The application provides unrestricted access to certain files and\ndirectories, which can be exploited to e.g. retrieve configuration\nfiles. \n\nThe security issues are reported in all supported versions. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-01:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-0652",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-022-01",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "57506",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51746",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1F5F6CFC-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "119753",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "id": "VAR-201301-0370",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          }
        ],
        "trust": 1.51428573
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:36.859000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Proficy Real-Time Information Portal",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/products/proficy-real-time-information-portal/p2811"
          },
          {
            "title": "Real-Time Information Portal (RTIP)",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/rtip-ta.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0652"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0652"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51746"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57506"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/2811"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51746/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51746/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "IVD",
            "id": "1f5f6cfc-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57506"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "date": "2013-01-23T05:45:10",
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "date": "2013-01-27T18:55:03.413000",
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00514"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57506"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001288"
          },
          {
            "date": "2013-01-30T05:00:00",
            "db": "NVD",
            "id": "CVE-2013-0652"
          },
          {
            "date": "2013-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities",
        "sources": [
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-446"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201301-0369

    Vulnerability from variot - Updated: 2023-12-18 13:44

    The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy Real-Time Information Portal Two Information Disclosure Security Issues

    SECUNIA ADVISORY ID: SA51746

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51746

    RELEASE DATE: 2013-01-23

    DISCUSS ADVISORY: http://secunia.com/advisories/51746/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51746/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51746

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two security issues have been reported in Proficy Real-Time Information Portal, which can be exploited by malicious people to disclose certain sensitive information.

    1) The application provides unrestricted access to certain files and directories, which can be exploited to e.g. retrieve configuration files.

    2) The application exposes certain methods via Java RMI, which can be exploited to disclose information via RMI call.

    The security issues are reported in all supported versions.

    SOLUTION: Apply updates (please see the vendor's advisory for details).

    Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

    ORIGINAL ADVISORY: ICSA-13-022-01: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0369",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.0"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "2.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "2.6"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "3.5"
          },
          {
            "model": "proficy real-time information portal",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "2.6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Reported by the vendor.",
        "sources": [
          {
            "db": "BID",
            "id": "57506"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-0651",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2013-0651",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "1f657034-2353-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-0651",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201301-445",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "1f657034-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. \nAttackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal Two Information Disclosure\nSecurity Issues\n\nSECUNIA ADVISORY ID:\nSA51746\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51746/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746\n\nRELEASE DATE:\n2013-01-23\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51746/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51746/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo security issues have been reported in Proficy Real-Time\nInformation Portal, which can be exploited by malicious people to\ndisclose certain sensitive information. \n\n1) The application provides unrestricted access to certain files and\ndirectories, which can be exploited to e.g. retrieve configuration\nfiles. \n\n2) The application exposes certain methods via Java RMI, which can be\nexploited to disclose information via RMI call. \n\nThe security issues are reported in all supported versions. \n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-01:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-0651",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-022-01",
            "trust": 3.1
          },
          {
            "db": "BID",
            "id": "57506",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51746",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1F657034-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "119753",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "id": "VAR-201301-0369",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          }
        ],
        "trust": 1.51428573
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:36.821000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Proficy Real-Time Information Portal",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/products/proficy-real-time-information-portal/p2811"
          },
          {
            "title": "Real-Time Information Portal (RTIP)",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/rtip-ta.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-01.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0651"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0651"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51746"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57506"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/2811"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51746"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51746/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51746/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "IVD",
            "id": "1f657034-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57506"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "date": "2013-01-23T05:45:10",
            "db": "PACKETSTORM",
            "id": "119753"
          },
          {
            "date": "2013-01-27T18:55:03.367000",
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00513"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57506"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001287"
          },
          {
            "date": "2013-01-30T05:00:00",
            "db": "NVD",
            "id": "CVE-2013-0651"
          },
          {
            "date": "2013-01-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities",
        "sources": [
          {
            "db": "BID",
            "id": "57506"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-445"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201307-0318

    Vulnerability from variot - Updated: 2023-12-18 13:44

    Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of WebView Component CimWebServer.exe Contains a buffer overflow vulnerability. Zero Day Initiative The vulnerability ZDI-CAN-1621 and ZDI-CAN-1624 It was announced as.By a third party TCP port 10212 Arbitrary code may be executed via crafted data in the packet to the. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient bounds checking on user-supplied data passed in the szPassword field which results in stack corruption. An attacker can leverage this situation to execute code under the context of the process. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0318",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "proficy cimplicity",
            "scope": null,
            "trust": 2.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.2"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.1"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.0"
          },
          {
            "model": "intelligent platforms proficy process systems with cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "sim 19"
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "8.2"
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "sim 25"
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "8.1"
          },
          {
            "model": "proficy process systems with cimplicity",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.2"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy process with cimplicity",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ZombiE and amisto0x07",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "BID",
            "id": "61469"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ],
        "trust": 2.3
      },
      "cve": "CVE-2013-2785",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2013-2785",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2013-2785",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "MEDIUM",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2013-2785",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2013-11048",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-2785",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2013-2785",
                "trust": 0.7,
                "value": "MEDIUM"
              },
              {
                "author": "ZDI",
                "id": "CVE-2013-2785",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2013-11048",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201307-646",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of WebView Component CimWebServer.exe Contains a buffer overflow vulnerability. Zero Day Initiative The vulnerability ZDI-CAN-1621 and ZDI-CAN-1624 It was announced as.By a third party TCP port 10212 Arbitrary code may be executed via crafted data in the packet to the. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient bounds checking on user-supplied data passed in the szPassword field which results in stack corruption. An attacker can leverage this situation to execute code under the context of the process. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "BID",
            "id": "61469"
          },
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 3.87
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-2785",
            "trust": 4.9
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-170-01",
            "trust": 2.4
          },
          {
            "db": "BID",
            "id": "61469",
            "trust": 1.5
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1621",
            "trust": 0.7
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-1624",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "CE8BAF5C-2352-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "BID",
            "id": "61469"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "id": "VAR-201307-0318",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          }
        ],
        "trust": 1.3907204000000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:35.983000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "KB15602",
            "trust": 2.2,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15602"
          },
          {
            "title": "GE Proficy CIMPLICITY \u0027CimWebServer\u0027 patch for remote stack buffer overflow vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/36553"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15602"
          },
          {
            "trust": 2.4,
            "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-170-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2785"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2785"
          },
          {
            "trust": 0.6,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-13-180/"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/61469"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "db": "BID",
            "id": "61469"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-07-31T00:00:00",
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "date": "2013-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "BID",
            "id": "61469"
          },
          {
            "date": "2013-08-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "date": "2013-07-31T13:20:28.707000",
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-07-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-180"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-13-181"
          },
          {
            "date": "2013-07-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          },
          {
            "date": "2013-07-26T00:00:00",
            "db": "BID",
            "id": "61469"
          },
          {
            "date": "2013-08-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-003613"
          },
          {
            "date": "2013-07-31T13:20:28.707000",
            "db": "NVD",
            "id": "CVE-2013-2785"
          },
          {
            "date": "2013-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy CIMPLICITY \u0027CimWebServer\u0027 Remote Stack Buffer Overflow Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-11048"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "ce8baf5c-2352-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201307-646"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201508-0152

    Vulnerability from variot - Updated: 2023-12-18 13:44

    The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0152",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 1.9,
            "vendor": "gehealthcare",
            "version": "4.2"
          },
          {
            "model": "centricity cardiology data management system",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ge healthcare",
            "version": "4.2"
          },
          {
            "model": "centricity dms",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:gehealthcare:centricity_dms:4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "76166"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-7405",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2013-7405",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-05138",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-7405",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-05138",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201508-033",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2013-7405",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors.  NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-7405",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "76166",
            "trust": 0.4
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "id": "VAR-201508-0152",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:19.418000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide",
            "trust": 0.8,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-255",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
          },
          {
            "trust": 1.7,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026direction=0908141\u0026filename=0908141_dms%2b4.2%2bmtg.pdf\u0026filerev=d\u0026docrev_org=d"
          },
          {
            "trust": 1.7,
            "url": "https://twitter.com/digitalbond/status/619250429751222277"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405"
          },
          {
            "trust": 0.6,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026amp;direction=0908141\u0026amp;filename=0908141_dms%2b4.2%2bmtg.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
          },
          {
            "trust": 0.3,
            "url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
          },
          {
            "trust": 0.3,
            "url": "http://www3.gehealthcare.com/en"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/255.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/76166"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "db": "BID",
            "id": "76166"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76166"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "date": "2015-08-04T14:59:22.643000",
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-08-06T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "VULMON",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-04T00:00:00",
            "db": "BID",
            "id": "76166"
          },
          {
            "date": "2015-08-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-004008"
          },
          {
            "date": "2015-08-04T19:24:23.680000",
            "db": "NVD",
            "id": "CVE-2013-7405"
          },
          {
            "date": "2015-08-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-05138"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201508-033"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201111-0006

    Vulnerability from variot - Updated: 2023-12-18 13:40

    Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. An attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ----------------------------------------------------------------------

    Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.

    Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/


    TITLE: Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities

    SECUNIA ADVISORY ID: SA46700

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46700

    RELEASE DATE: 2011-11-02

    DISCUSS ADVISORY: http://secunia.com/advisories/46700/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/46700/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=46700

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Plant Applications, which can be exploited by malicious people to compromise a vulnerable system.

    Please see the vendor's advisory for a list of affected versions.

    SOLUTION: Apply updates.

    PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI.

    ORIGINAL ADVISORY: GE (GEIP-11-02): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0006",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy historian",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "intelligent platforms proficy historian",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "5.0"
          },
          {
            "model": "intelligent platforms proficy historian",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "4.4.1"
          },
          {
            "model": "ge intelligent platforms proficy applications",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.0 sim 43"
          },
          {
            "model": "ge intelligent platforms proficy applications",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.x"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "5.0"
          },
          {
            "model": "proficy historian",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=4.4.1"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "4.0"
          },
          {
            "model": "intelligent platforms proficy historian",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "4.4.1"
          },
          {
            "model": "electric proficy plant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "4.4.1"
          },
          {
            "model": "electric proficy plant",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.0"
          },
          {
            "model": "electric proficy plant sim43",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.0"
          },
          {
            "model": "electric proficy plant sim101",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "general",
            "version": "4.4.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy historian",
            "version": "4.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy historian",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy historian",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_historian:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_historian:5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_historian:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.4.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "US-CERT",
        "sources": [
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2011-1919",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2011-1919",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "7061ba28-2354-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-1919",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201111-051",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "7061ba28-2354-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. \nAn attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Plant Applications Multiple Services Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46700\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46700/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700\n\nRELEASE DATE:\n2011-11-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46700/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46700/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proficy Plant\nApplications, which can be exploited by malicious people to\ncompromise a vulnerable system. \n\nPlease see the vendor\u0027s advisory for a list of affected versions. \n\nSOLUTION:\nApply updates. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Luigi Auriemma via ZDI. \n\nORIGINAL ADVISORY:\nGE (GEIP-11-02):\nhttp://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "106517"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-1919",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-11-243-01",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "50474",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "46700",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7061BA28-2354-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "106517",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "PACKETSTORM",
            "id": "106517"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "id": "VAR-201111-0006",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          }
        ],
        "trust": 1.46872201
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:40:09.075000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/"
          },
          {
            "title": "partner",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/partner.html"
          },
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/"
          },
          {
            "title": "GE Proficy Plant Application Component Remote Stack Buffer Overflow Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/5754"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-243-01.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/50474"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1919"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1919"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/46700"
          },
          {
            "trust": 0.4,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14493/en_us/geip11-02%20security%20advisory%20-%20proficy%20plant%20applications%20services.pdf"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46700/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/46700/#comments"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "PACKETSTORM",
            "id": "106517"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "db": "BID",
            "id": "50474"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "db": "PACKETSTORM",
            "id": "106517"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-11-03T00:00:00",
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2011-11-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "date": "2011-11-01T00:00:00",
            "db": "BID",
            "id": "50474"
          },
          {
            "date": "2011-11-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "date": "2011-11-02T02:34:52",
            "db": "PACKETSTORM",
            "id": "106517"
          },
          {
            "date": "2011-11-02T17:55:00.857000",
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "date": "1900-01-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-11-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          },
          {
            "date": "2011-11-15T00:47:00",
            "db": "BID",
            "id": "50474"
          },
          {
            "date": "2012-02-03T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-002757"
          },
          {
            "date": "2011-11-17T05:00:00",
            "db": "NVD",
            "id": "CVE-2011-1919"
          },
          {
            "date": "2012-02-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy Plant Application component remote stack buffer overflow vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2011-4651"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "7061ba28-2354-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201111-051"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201702-0859

    Vulnerability from variot - Updated: 2023-12-18 13:39

    An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0859",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.0"
          },
          {
            "model": "historian",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "6.0"
          },
          {
            "model": "ifix",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "5.8"
          },
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.0"
          },
          {
            "model": "historian",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "6.0"
          },
          {
            "model": "ifix",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.8 sim 13"
          },
          {
            "model": "electric proficy historian",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=6.0"
          },
          {
            "model": "electric proficy hmi/scada cimplicity",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=9.0"
          },
          {
            "model": "electric proficy hmi/scada ifix sim",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=5.813"
          },
          {
            "model": "historian",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "6.0"
          },
          {
            "model": "ifix",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "5.8"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "9.0"
          },
          {
            "model": "proficy hmi/scada ifix sim",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.813"
          },
          {
            "model": "proficy hmi/scada ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.5"
          },
          {
            "model": "proficy hmi/scada ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.1"
          },
          {
            "model": "proficy hmi/scada ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.0"
          },
          {
            "model": "proficy hmi/scada ifix",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "proficy hmi/scada cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "9.0"
          },
          {
            "model": "proficy hmi/scada cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "8.0"
          },
          {
            "model": "proficy hmi/scada cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "7.0"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "6.0"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.5"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "4.5"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "4.0"
          },
          {
            "model": "proficy historian",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "proficy hmi/scada ifix sim",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ge",
            "version": "5.814"
          },
          {
            "model": "proficy hmi/scada cimplicity",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ge",
            "version": "9.5"
          },
          {
            "model": "proficy historian",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ge",
            "version": "7.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cimplicity",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "historian",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ifix",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.0",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "95630"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-9360",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.4,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-9360",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.9,
                "id": "CNVD-2017-00906",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 1.9,
                "id": "8e677a52-d1d3-4559-96bd-040386314b48",
                "impactScore": 8.5,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.8,
                "impactScore": 5.3,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 6.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-9360",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-9360",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-00906",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201701-692",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "8e677a52-d1d3-4559-96bd-040386314b48",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-9360",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "95630",
            "trust": 2.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-05",
            "trust": 1.7
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-336-05A",
            "trust": 1.6
          },
          {
            "db": "SECTRACK",
            "id": "1037809",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "8E677A52-D1D3-4559-96BD-040386314B48",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "id": "VAR-201702-0859",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          }
        ],
        "trust": 1.4808041200000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:39:04.182000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://digitalsupport.ge.com/communities/cc_home"
          },
          {
            "title": "Patches for multiple GE product local information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/88599"
          },
          {
            "title": "Multiple GE Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67287"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-522",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-200",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/95630"
          },
          {
            "trust": 1.6,
            "url": "http://www.securitytracker.com/id/1037809"
          },
          {
            "trust": 1.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05a"
          },
          {
            "trust": 1.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9360"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9360"
          },
          {
            "trust": 0.3,
            "url": "https://www.ge.com/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-05T00:00:00",
            "db": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48"
          },
          {
            "date": "2017-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "date": "2017-01-17T00:00:00",
            "db": "BID",
            "id": "95630"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "date": "2017-02-13T21:59:02.050000",
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "date": "2017-01-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-02-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-00906"
          },
          {
            "date": "2017-01-23T03:11:00",
            "db": "BID",
            "id": "95630"
          },
          {
            "date": "2017-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          },
          {
            "date": "2022-02-03T19:40:11.877000",
            "db": "NVD",
            "id": "CVE-2016-9360"
          },
          {
            "date": "2022-02-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "95630"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  General Electric Proficy Vulnerability to obtain user password in product",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007952"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201701-692"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0934

    Vulnerability from variot - Updated: 2023-12-18 13:38

    An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. D60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0934",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "d60 line distance relay",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "7.11"
          },
          {
            "model": "electric d60 line distance relay",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "7.11"
          },
          {
            "model": "d60 line distance relay",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "7.11"
          },
          {
            "model": "d60 line distance relay",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "gegridsolutions",
            "version": "7.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:d60_line_distance_relay_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "7.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:d60_line_distance_relay:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kirill Nesterov of Kaspersky Labs",
        "sources": [
          {
            "db": "BID",
            "id": "103054"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-5473",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2018-5473",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03479",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-135504",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5473",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-5473",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03479",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-813",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135504",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-5473",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. \nD60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-18-046-02",
            "trust": 3.5
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "103054",
            "trust": 2.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "103054103054",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "id": "VAR-201802-0934",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          }
        ],
        "trust": 1.42916665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:38:43.833000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.gegridsolutions.com/"
          },
          {
            "title": "GeneralElectricD60LineDistanceRelay Patch for Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/117909"
          },
          {
            "title": "GE D60 Line Distance Relay devices Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100260"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.6,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-02"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/103054"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5473"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5473"
          },
          {
            "trust": 0.3,
            "url": "https://www.gegridsolutions.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "BID",
            "id": "103054"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "date": "2018-02-19T18:29:00.257000",
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03479"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135504"
          },
          {
            "date": "2021-08-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-5473"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "BID",
            "id": "103054"
          },
          {
            "date": "2018-04-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          },
          {
            "date": "2022-04-19T16:06:55.230000",
            "db": "NVD",
            "id": "CVE-2018-5473"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE D60 Line Distance Relay Device firmware buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002425"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-813"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201802-0935

    Vulnerability from variot - Updated: 2023-12-18 13:38

    A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201802-0935",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "d60 line distance relay",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "7.11"
          },
          {
            "model": "electric d60 line distance relay",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "general",
            "version": "7.11"
          },
          {
            "model": "d60 line distance relay",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "7.11"
          },
          {
            "model": "d60 line distance relay",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "7.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:d60_line_distance_relay_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "7.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:d60_line_distance_relay:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kirill Nesterov of Kaspersky Labs",
        "sources": [
          {
            "db": "BID",
            "id": "103054"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-5475",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-5475",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-03478",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-135506",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-5475",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-5475",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-03478",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201802-812",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-135506",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-5475",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-046-02",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "103054",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "id": "VAR-201802-0935",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          }
        ],
        "trust": 1.42916665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:38:43.799000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "TopPage",
            "trust": 0.8,
            "url": "https://www.gegridsolutions.com/"
          },
          {
            "title": "Patch for GeneralElectricD60LineDistanceRelay Buffer Overflow Vulnerability (CNVD-2018-03478)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/117907"
          },
          {
            "title": "GE D60 Line Distance Relay devices Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100259"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/103054"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5475"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5475"
          },
          {
            "trust": 0.3,
            "url": "https://www.gegridsolutions.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "db": "BID",
            "id": "103054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "BID",
            "id": "103054"
          },
          {
            "date": "2018-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "date": "2018-02-19T18:29:00.320000",
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "date": "2018-02-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-02-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-03478"
          },
          {
            "date": "2020-09-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-135506"
          },
          {
            "date": "2018-02-15T00:00:00",
            "db": "BID",
            "id": "103054"
          },
          {
            "date": "2018-04-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          },
          {
            "date": "2020-09-18T16:07:02.037000",
            "db": "NVD",
            "id": "CVE-2018-5475"
          },
          {
            "date": "2020-09-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE D60 Line Distance Relay Device buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-002475"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201802-812"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201611-0263

    Vulnerability from variot - Updated: 2023-12-18 13:29

    General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA remote attacker could gain privileged access. GE Bently Nevada 3500 / 22M is a vibration monitoring system.

    GE Bently Nevada 3500 / 22M has a security bypass vulnerability. Allows an attacker to perform unauthorized operations. This may lead to other attacks. The following products are vulnerable: GE Bently Nevada 3500/22M (USB version) prior to firmware Version 5.0 are vulnerable. USB and Serial are 2 versions of it

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0263",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "electric bently nevada 3500/22m",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "general",
            "version": "0"
          },
          {
            "model": "bently nevada 3500/22m",
            "scope": null,
            "trust": 1.6,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "bently nevada 3500\\/22m usb",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "bently nevada 3500\\/22m serial",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "bently nevada 3500/22m",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.0"
          },
          {
            "model": "bently nevada 3500/22m",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "electric bently nevada 3500/22m",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "general",
            "version": "5.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "BID",
            "id": "93452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:bently_nevada_3500\\/22m_usb_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:bently_nevada_3500\\/22m_usb:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:bently_nevada_3500\\/22m_serial_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:bently_nevada_3500\\/22m_serial:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "93452"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-5788",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2016-5788",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-08614",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-94607",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 10.0,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2016-5788",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-5788",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-08614",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201610-027",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94607",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5788",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA remote attacker could gain privileged access. GE Bently Nevada 3500 / 22M is a vibration monitoring system. \n\nGE Bently Nevada 3500 / 22M has a security bypass vulnerability. Allows an attacker to perform unauthorized operations. This may lead to other attacks. \nThe following products are vulnerable:\nGE Bently Nevada 3500/22M (USB version) prior to firmware Version 5.0 are vulnerable. USB and Serial are 2 versions of it",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "BID",
            "id": "93452"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5788",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-252-01",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "93452",
            "trust": 2.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "db": "BID",
            "id": "93452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "id": "VAR-201611-0263",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:29:26.945000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bently Nevada \u88fd\u54c1\u30b5\u30dd\u30fc\u30c8",
            "trust": 0.8,
            "url": "http://site.ge-energy.com/prod_serv/products/oc/ja/tech_prodsupport.htm"
          },
          {
            "title": "Patch for GE Bently Nevada 3500 / 22M Security Bypass Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/82166"
          },
          {
            "title": "GE Bently Nevada 3500/22M Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64467"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-254",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-285",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-252-01"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/93452"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5788"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5788"
          },
          {
            "trust": 0.3,
            "url": "https://www.gemeasurement.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/254.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/285.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49219"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "db": "BID",
            "id": "93452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "db": "BID",
            "id": "93452"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "date": "2016-11-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "date": "2016-11-25T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "date": "2016-10-06T00:00:00",
            "db": "BID",
            "id": "93452"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "date": "2016-11-25T03:59:08.720000",
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "date": "2016-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-08614"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94607"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5788"
          },
          {
            "date": "2016-10-10T00:13:00",
            "db": "BID",
            "id": "93452"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          },
          {
            "date": "2016-11-28T20:29:28.080000",
            "db": "NVD",
            "id": "CVE-2016-5788"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "General Electric Bently Nevada 3500/22M of  USB Vulnerability gained in privileged access in the serial port version",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-005963"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201610-027"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0289

    Vulnerability from variot - Updated: 2023-12-18 13:29

    Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0289",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "multilink ml2400",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml1200",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml1600",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml800",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml810",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml3100",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml3000",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml1200",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml1600",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml2400",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml3000",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml3100",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml800",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.2.1"
          },
          {
            "model": "multilink ml810",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml800",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=4.2.1"
          },
          {
            "model": "multilink ml1200",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=4.2.1"
          },
          {
            "model": "multilink ml1600",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=4.2.1"
          },
          {
            "model": "multilink ml2400",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=4.2.1"
          },
          {
            "model": "multilink ml810",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=5.2.0"
          },
          {
            "model": "multilink ml3000",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=5.2.0"
          },
          {
            "model": "multilink ml3100",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "\u003c=5.2.0"
          },
          {
            "model": "multilink ml3000",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "5.2.0"
          },
          {
            "model": "multilink ml3100",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "5.2.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml810_firmware:5.2.0:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml3000_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.2.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml3000:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml3100_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "5.2.0",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml3100:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml800_firmware:4.2.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml1200_firmware:4.2.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml1600_firmware:4.2.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:multilink_ml2400_firmware:4.2.1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          }
        ]
      },
      "cve": "CVE-2015-3976",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "LOW",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-3976",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2015-07693",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.8,
                "id": "VHN-81937",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "LOW",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2015-3976",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-3976",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-07693",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201511-286",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "VULHUB",
                "id": "VHN-81937",
                "trust": 0.1,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ICS CERT",
            "id": "ICSA-15-013-04A",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "id": "VAR-201708-0289",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          }
        ],
        "trust": 1.31538464
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:29:14.780000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GET-20024",
            "trust": 0.8,
            "url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
          },
          {
            "title": "Patches for multiple GE switch cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/67000"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04a"
          },
          {
            "trust": 1.2,
            "url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3976"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3976"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "date": "2017-08-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "date": "2017-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "date": "2017-08-28T15:29:01.453000",
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "date": "2015-01-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-11-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-07693"
          },
          {
            "date": "2017-09-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-81937"
          },
          {
            "date": "2017-09-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          },
          {
            "date": "2017-09-06T15:01:03.897000",
            "db": "NVD",
            "id": "CVE-2015-3976"
          },
          {
            "date": "2017-08-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  GE Multilink ML Cross-site scripting vulnerability in switches",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007815"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201511-286"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201301-0371

    Vulnerability from variot - Updated: 2023-12-18 13:25

    Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: GE Intelligent Platforms Products Two Vulnerabilities

    SECUNIA ADVISORY ID: SA51936

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936

    RELEASE DATE: 2013-01-24

    DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51936/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51936

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system.

    2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet.

    NOTE: CIMPLICITY built-in Web server component is not enabled by default.

    The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY

    SOLUTION: Apply updates (please see the vendor's advisory for details).

    Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

    ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0371",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.0"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "7.5"
          },
          {
            "model": "intelligent platforms proficy process systems with cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.01"
          },
          {
            "model": "intelligent platforms proficy process systems",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.01 and later"
          },
          {
            "model": "proficy process systems with cimplicity",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=4.01"
          },
          {
            "model": "electric proficy process systems with cimplicity",
            "scope": null,
            "trust": 0.6,
            "vendor": "general",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "4.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "7.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:intelligent_platforms_proficy_process_systems:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "57505"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-0653",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2013-0653",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "1f593d28-2353-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-0653",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201301-447",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "1f593d28-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nGE Intelligent Platforms Products Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51936\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51936/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nRELEASE DATE:\n2013-01-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51936/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51936/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in GE Intelligent Platforms\nproducts, which can be exploited by malicious users to disclose\ncertain sensitive information and compromise a vulnerable system. \n\n2) An unspecified error exists in CimWebServer when processing\npackets and can be exploited to e.g. run arbitrary commands by\nsending a specially-crafted packet. \n\nNOTE: CIMPLICITY built-in Web server component is not enabled by\ndefault. \n\nThe vulnerabilities are reported in the following products:\n* Proficy HMI/SCADA \\x96 CIMPLICITY version 4.01 and greater\n* Proficy Process Systems with CIMPLICITY\n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-02:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-0653",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-022-02",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "57505",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51936",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1F593D28-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "119821",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "id": "VAR-201301-0371",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          }
        ],
        "trust": 1.53748475
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:25:05.104000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Proficy HMI/SCADA - CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
          },
          {
            "title": "\u76e3\u8996\u5236\u5fa1\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2(SCADA) CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/cimpli-ta.html"
          },
          {
            "title": "GE Proficy CIMPLICITY Directory Traversal Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/31211"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0653"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0653"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51936"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57505"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51936/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51936/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57505"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "date": "2013-01-25T03:08:56",
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "date": "2013-01-27T18:55:03.460000",
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-05-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57505"
          },
          {
            "date": "2013-02-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001289"
          },
          {
            "date": "2013-01-29T05:00:00",
            "db": "NVD",
            "id": "CVE-2013-0653"
          },
          {
            "date": "2013-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy CIMPLICITY Directory Traversal Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00503"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal",
        "sources": [
          {
            "db": "IVD",
            "id": "1f593d28-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-447"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201301-0372

    Vulnerability from variot - Updated: 2023-12-18 13:25

    CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: GE Intelligent Platforms Products Two Vulnerabilities

    SECUNIA ADVISORY ID: SA51936

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936

    RELEASE DATE: 2013-01-24

    DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/51936/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=51936

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system.

    1) An unspecified error exists within the WebView CimWeb component (substitute.bcl) and can be exploited to disclose arbitrary files via directory traversal attacks.

    2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet.

    NOTE: CIMPLICITY built-in Web server component is not enabled by default.

    The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY

    SOLUTION: Apply updates (please see the vendor's advisory for details).

    Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

    ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201301-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "8.0"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "7.5"
          },
          {
            "model": "intelligent platforms proficy process systems with cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "4.01"
          },
          {
            "model": "intelligent platforms proficy process systems",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "4.01 and later"
          },
          {
            "model": "proficy process systems with cimplicity",
            "scope": null,
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=4.01"
          },
          {
            "model": "electric proficy process systems with cimplicity",
            "scope": null,
            "trust": 0.6,
            "vendor": "general",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "4.01"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "7.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:intelligent_platforms_proficy_process_systems:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "57505"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2013-0654",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 9.3,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2013-0654",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.6,
                "id": "1f537014-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2013-0654",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201301-448",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "1f537014-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nGE Intelligent Platforms Products Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51936\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51936/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nRELEASE DATE:\n2013-01-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51936/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51936/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in GE Intelligent Platforms\nproducts, which can be exploited by malicious users to disclose\ncertain sensitive information and compromise a vulnerable system. \n\n1) An unspecified error exists within the WebView CimWeb component\n(substitute.bcl) and can be exploited to disclose arbitrary files via\ndirectory traversal attacks. \n\n2) An unspecified error exists in CimWebServer when processing\npackets and can be exploited to e.g. run arbitrary commands by\nsending a specially-crafted packet. \n\nNOTE: CIMPLICITY built-in Web server component is not enabled by\ndefault. \n\nThe vulnerabilities are reported in the following products:\n* Proficy HMI/SCADA \\x96 CIMPLICITY version 4.01 and greater\n* Proficy Process Systems with CIMPLICITY\n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-02:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2013-0654",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-13-022-02",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "57505",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "51936",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1F537014-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "119821",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "id": "VAR-201301-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          }
        ],
        "trust": 1.53748475
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:25:05.066000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Proficy HMI/SCADA - CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
          },
          {
            "title": "\u76e3\u8996\u5236\u5fa1\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2(SCADA) CIMPLICITY",
            "trust": 0.8,
            "url": "http://www.ge-ip.co.jp/cimpli-ta.html"
          },
          {
            "title": "Patch for GE Proficy CIMPLICITY Command Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/31191"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0654"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0654"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/51936"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/57505"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51936/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/51936/#comments"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "db": "BID",
            "id": "57505"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57505"
          },
          {
            "date": "2013-01-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "date": "2013-01-25T03:08:56",
            "db": "PACKETSTORM",
            "id": "119821"
          },
          {
            "date": "2013-01-27T18:55:03.493000",
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2013-01-24T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          },
          {
            "date": "2013-01-22T00:00:00",
            "db": "BID",
            "id": "57505"
          },
          {
            "date": "2013-02-13T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2013-001290"
          },
          {
            "date": "2013-01-29T05:00:00",
            "db": "NVD",
            "id": "CVE-2013-0654"
          },
          {
            "date": "2013-01-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Proficy CIMPLICITY Command execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2013-00506"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation",
        "sources": [
          {
            "db": "IVD",
            "id": "1f537014-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201301-448"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201607-0454

    Vulnerability from variot - Updated: 2023-12-18 13:24

    General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201607-0454",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "cimplicity",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "ge",
            "version": "8.2"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "8.2"
          },
          {
            "model": "proficy hmi/scada - cimplicity",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "8.2 sim 27"
          },
          {
            "model": "cimplicity sim",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "ge",
            "version": "8.227"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general electric",
            "version": "8.2"
          },
          {
            "model": "electric proficy hmi/scada cimplicity sim",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "-8.226"
          },
          {
            "model": "electric proficy hmi/scada cimplicity sim",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "-8.219"
          },
          {
            "model": "electric proficy hmi/scada cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "-8.2"
          },
          {
            "model": "electric proficy hmi/scada cimplicity sim",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "general",
            "version": "-8.227"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "cimplicity",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "8.2",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim10:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim11:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim12:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim13:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim14:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim15:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim16:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim17:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim18:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim19:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim20:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim21:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim22:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim23:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim24:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim25:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim26:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim5:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim6:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim7:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim8:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:cimplicity:8.2:sim9:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Zhou Yu of Acorn Network Security.",
        "sources": [
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-5787",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": true,
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Local",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.6,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2016-5787",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2016-04901",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "e48555af-f166-4a94-bc44-f644c9893996",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.0,
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 5.7,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2016-5787",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-5787",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-04901",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201607-339",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e48555af-f166-4a94-bc44-f644c9893996",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. \nGE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5787",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-194-02",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "91727",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E48555AF-F166-4A94-BC44-F644C9893996",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "id": "VAR-201607-0454",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          }
        ],
        "trust": 1.5849003000000002
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:37.702000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GED 16-01",
            "trust": 0.8,
            "url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
          },
          {
            "title": "Patch for GE Proficy HMI SCADA CIMPLICITY Local Elevation of Privilege Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/79099"
          },
          {
            "title": "GE Proficy HMI SCADA CIMPLICITY Remedial measures for local privilege escalation",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62916"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-194-02"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/91727"
          },
          {
            "trust": 1.6,
            "url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
          },
          {
            "trust": 1.4,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5787"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5787"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-18T00:00:00",
            "db": "IVD",
            "id": "e48555af-f166-4a94-bc44-f644c9893996"
          },
          {
            "date": "2016-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "BID",
            "id": "91727"
          },
          {
            "date": "2016-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "date": "2016-07-15T16:59:11.423000",
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "date": "2016-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-04901"
          },
          {
            "date": "2016-07-12T00:00:00",
            "db": "BID",
            "id": "91727"
          },
          {
            "date": "2016-07-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          },
          {
            "date": "2022-02-03T19:46:10.973000",
            "db": "NVD",
            "id": "CVE-2016-5787"
          },
          {
            "date": "2022-02-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "91727"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "General Electric Digital Proficy HMI/SCADA - CIMPLICITY Vulnerability in changing service settings",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-003795"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-339"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201211-0177

    Vulnerability from variot - Updated: 2023-12-18 13:20

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. Remote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy Real-Time Information Portal Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA50962

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    RELEASE DATE: 2012-10-16

    DISCUSS ADVISORY: http://secunia.com/advisories/50962/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/50962/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Real-Time Information Portal, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

    The vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5, and 3.5 SP1.

    SOLUTION: Reportedly patches have been released. Contact the vendor for further information.

    PROVIDED AND/OR DISCOVERED BY: Kuang-Chun Hung, Information and Communication Security Technology Center (ICST).

    ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0177",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.0"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "2.6 to  3.5 sp1"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "2.6"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "2.6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kuang-Chun Hung of Information and Communication Security Technology Center",
        "sources": [
          {
            "db": "BID",
            "id": "55935"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-3026",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-3026",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "470403da-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-3026",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201210-386",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "470403da-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. \nRemote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50962\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50962/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nRELEASE DATE:\n2012-10-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50962/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50962/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proficy Real-Time\nInformation Portal, which can be exploited by malicious people to\ncause a DoS (Denial of Service) and potentially compromise a\nvulnerable system. \n\nThe vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5,\nand 3.5 SP1. \n\nSOLUTION:\nReportedly patches have been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nKuang-Chun Hung, Information and Communication Security Technology\nCenter (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-3026",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-234-01",
            "trust": 2.5
          },
          {
            "db": "SECUNIA",
            "id": "50962",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "55935",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "470403DA-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "117410",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "id": "VAR-201211-0177",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          }
        ],
        "trust": 1.51428573
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:20:08.135000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEIP12-10",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "title": "Multiple vulnerabilities in Proficy Portal Remote Interface Service",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "title": "Patch for GE Proficy Real-Time Information Portal Denial of Service Vulnerability (CNVD-2012-5848)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/23759"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-234-01.pdf"
          },
          {
            "trust": 1.6,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "trust": 1.6,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/55935"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3026"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3026"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50962/http"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50962"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/2811"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "date": "2012-10-16T06:20:48",
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "date": "2012-11-01T10:44:45.497000",
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "date": "2012-10-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5848"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          },
          {
            "date": "2013-04-13T02:55:02.867000",
            "db": "NVD",
            "id": "CVE-2012-3026"
          },
          {
            "date": "2012-11-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Intelligent Platforms Proficy Real-Time Information Portal Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005175"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation",
        "sources": [
          {
            "db": "IVD",
            "id": "470403da-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-386"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201211-0176

    Vulnerability from variot - Updated: 2023-12-18 13:20

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. Remote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy Real-Time Information Portal Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA50962

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    RELEASE DATE: 2012-10-16

    DISCUSS ADVISORY: http://secunia.com/advisories/50962/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/50962/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Real-Time Information Portal, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

    The vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5, and 3.5 SP1.

    SOLUTION: Reportedly patches have been released. Contact the vendor for further information.

    PROVIDED AND/OR DISCOVERED BY: Kuang-Chun Hung, Information and Communication Security Technology Center (ICST).

    ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0176",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.0"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "2.6 to  3.5 sp1"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "2.6"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "2.6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kuang-Chun Hung of Information and Communication Security Technology Center",
        "sources": [
          {
            "db": "BID",
            "id": "55935"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2012-3021",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-3021",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "47098e0e-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-3021",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201210-385",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "47098e0e-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2012-3021",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. \nRemote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50962\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50962/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nRELEASE DATE:\n2012-10-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50962/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50962/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proficy Real-Time\nInformation Portal, which can be exploited by malicious people to\ncause a DoS (Denial of Service) and potentially compromise a\nvulnerable system. \n\nThe vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5,\nand 3.5 SP1. \n\nSOLUTION:\nReportedly patches have been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nKuang-Chun Hung, Information and Communication Security Technology\nCenter (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-3021",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-234-01",
            "trust": 2.6
          },
          {
            "db": "SECUNIA",
            "id": "50962",
            "trust": 1.4
          },
          {
            "db": "BID",
            "id": "55935",
            "trust": 1.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "47098E0E-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "117410",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "id": "VAR-201211-0176",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          }
        ],
        "trust": 1.51428573
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:20:08.092000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEIP12-10",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "title": "Multiple vulnerabilities in Proficy Portal Remote Interface Service",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "title": "Patch for GE Proficy Real-Time Information Portal Denial of Service Vulnerability (CNVD-2012-5847)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/23757"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-234-01.pdf"
          },
          {
            "trust": 1.7,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "trust": 1.7,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/55935"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3021"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3021"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50962/http"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50962"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/2811"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=27198"
          },
          {
            "trust": 0.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-12-234-01"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "date": "2012-11-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "date": "2012-10-16T06:20:48",
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "date": "2012-11-01T10:44:45.420000",
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "date": "2012-10-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5847"
          },
          {
            "date": "2013-04-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2012-3021"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          },
          {
            "date": "2013-04-13T02:55:02.667000",
            "db": "NVD",
            "id": "CVE-2012-3021"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Intelligent Platforms Proficy Real-Time Information Portal Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005174"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation",
        "sources": [
          {
            "db": "IVD",
            "id": "47098e0e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-385"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201211-0175

    Vulnerability from variot - Updated: 2023-12-18 13:20

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. Remote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------

    The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/


    TITLE: Proficy Real-Time Information Portal Multiple Vulnerabilities

    SECUNIA ADVISORY ID: SA50962

    VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    RELEASE DATE: 2012-10-16

    DISCUSS ADVISORY: http://secunia.com/advisories/50962/#comments

    AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

    http://secunia.com/advisories/50962/

    ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

    https://ca.secunia.com/?page=viewadvisory&vuln_id=50962

    ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

    http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

    DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Real-Time Information Portal, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

    The vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5, and 3.5 SP1.

    SOLUTION: Reportedly patches have been released. Contact the vendor for further information.

    PROVIDED AND/OR DISCOVERED BY: Kuang-Chun Hung, Information and Communication Security Technology Center (ICST).

    ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf

    OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

    EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


    About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/advisories/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0175",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.0"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "2.6"
          },
          {
            "model": "intelligent platforms proficy real-time information portal",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "3.5"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "2.6 to  3.5 sp1"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "2.6"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.0"
          },
          {
            "model": "proficy real-time information portal",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge fanuc automation",
            "version": "3.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.4,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.5"
          },
          {
            "model": "electric proficy real-time information portal sp1",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "3.0"
          },
          {
            "model": "electric proficy real-time information portal",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "2.6"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy real time information portal",
            "version": "2.6"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.5:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:2.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_real-time_information_portal:3.0:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Kuang-Chun Hung",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2012-3010",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2012-3010",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "470f709e-2353-11e6-abef-000c29c66e3d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2012-3010",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201210-384",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "470f709e-2353-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3021 and CVE-2012-3026. GE Proficy Real-Time Information Portal is a Proficy real-time information portal, a real-time manufacturing intelligence application for GE Intelligent Platforms. Because the service fails to properly check the input data submitted by the user, the attacker is allowed to send malicious requests for denial of service attacks. \nRemote attackers may exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Real-Time Information Portal Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA50962\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/50962/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nRELEASE DATE:\n2012-10-16\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/50962/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/50962/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proficy Real-Time\nInformation Portal, which can be exploited by malicious people to\ncause a DoS (Denial of Service) and potentially compromise a\nvulnerable system. \n\nThe vulnerabilities are reported in version 2.6, 3.0, 3.0 SP1, 3.5,\nand 3.5 SP1. \n\nSOLUTION:\nReportedly patches have been released. Contact the vendor for further\ninformation. \n\nPROVIDED AND/OR DISCOVERED BY:\nKuang-Chun Hung, Information and Communication Security Technology\nCenter (ICST). \n\nORIGINAL ADVISORY:\nICS-CERT:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-234-01.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2012-3010",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-12-234-01",
            "trust": 1.9
          },
          {
            "db": "BID",
            "id": "55935",
            "trust": 1.3
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384",
            "trust": 0.8
          },
          {
            "db": "SECUNIA",
            "id": "50962",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173",
            "trust": 0.8
          },
          {
            "db": "NSFOCUS",
            "id": "47141",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "470F709E-2353-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "117410",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "id": "VAR-201211-0175",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          }
        ],
        "trust": 1.51428573
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:20:08.054000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEIP12-10",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "title": "Multiple vulnerabilities in Proficy Portal Remote Interface Service",
            "trust": 0.8,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "title": "Patch for GE Proficy Real-Time Information Portal Denial of Service Vulnerability (CNVD-2012-5850)",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/23760"
          },
          {
            "title": "GE Proficy Real-Time Information Portal Enter the fix for the verification error vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123576"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-234-01.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb15050"
          },
          {
            "trust": 1.0,
            "url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/15000/kb15050/en_us/geip12-10%20security%20advisory%20-%20proficy%20portal%20rifsrvd.pdf"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/55935"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3010"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3010"
          },
          {
            "trust": 0.6,
            "url": "http://secunia.com/advisories/50962/http"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/47141"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge-ip.com/products/2811"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_intelligence/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/#comments"
          },
          {
            "trust": 0.1,
            "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=50962"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/50962/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/vulnerability_scanning/personal/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/blog/325/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/advisories/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "IVD",
            "id": "470f709e-2353-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "date": "2012-10-16T06:20:48",
            "db": "PACKETSTORM",
            "id": "117410"
          },
          {
            "date": "2012-11-01T10:44:45.327000",
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "date": "2012-10-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2012-10-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2012-5850"
          },
          {
            "date": "2012-10-15T00:00:00",
            "db": "BID",
            "id": "55935"
          },
          {
            "date": "2012-11-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          },
          {
            "date": "2013-04-13T02:55:01.983000",
            "db": "NVD",
            "id": "CVE-2012-3010"
          },
          {
            "date": "2020-07-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE Intelligent Platforms Proficy Real-Time Information Portal Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2012-005173"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input Validation Error",
        "sources": [
          {
            "db": "BID",
            "id": "55935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201210-384"
          }
        ],
        "trust": 0.9
      }
    }

    VAR-201502-0245

    Vulnerability from variot - Updated: 2023-12-18 13:19

    Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek 'HART DTM' Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0245",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vector device type manager",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": "1.00.0"
          },
          {
            "model": "12400 level transmitter device type manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "1.00.0"
          },
          {
            "model": "bullet device type manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mactek",
            "version": "1.00.0"
          },
          {
            "model": "svi ii ap positioner device type manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ge",
            "version": "2.00.1"
          },
          {
            "model": "12400 level transmitter dtm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "1.00.0"
          },
          {
            "model": "svi ii ap positioner dtm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "2.00.1"
          },
          {
            "model": "svi1000 positioner dtm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "1.00.0"
          },
          {
            "model": "vector dtm",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "1.00.0"
          },
          {
            "model": "bullet wirelesshart device type manager",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "mactek",
            "version": "(dtm) 1.00.0"
          },
          {
            "model": "electric mactek bullet dtm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "general",
            "version": "1.00.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "12400 level transmitter device type manager",
            "version": "1.00.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "svi ii ap positioner device type manager",
            "version": "2.00.1"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "vector device type manager",
            "version": "1.00.0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "bullet device type manager",
            "version": "1.00.0"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:12400_level_transmitter_device_type_manager:1.00.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:svi_ii_ap_positioner_device_type_manager:2.00.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:vector_device_type_manager:1.00.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:mactek:bullet_device_type_manager:1.00.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Alexander Bolshev",
        "sources": [
          {
            "db": "BID",
            "id": "72524"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-9203",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2014-9203",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-00995",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-9203",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-00995",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201502-133",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. \nAn attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "BID",
            "id": "72524"
          },
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-9203",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-036-01",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "72524",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-15-036-01A",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "A3A0AD20-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "BID",
            "id": "72524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "id": "VAR-201502-0245",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:19:50.480000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "GEOG 15-01_Security_Advisory_HART DTM",
            "trust": 0.8,
            "url": "http://d3qm6x350yyq59.cloudfront.net/sites/geog.dev.local/files/geog_15-01_security_advisory_hart_dtm.pdf"
          },
          {
            "title": "Download Center",
            "trust": 0.8,
            "url": "http://www.ge-mcs.com/en/download.html"
          },
          {
            "title": "Bullet_DTM_1_00_1.exe",
            "trust": 0.8,
            "url": "https://mactekcorp.com/downloadfiles/bullet_dtm_1_00_1.exe"
          },
          {
            "title": "BULLET WirelessHART Adapter",
            "trust": 0.8,
            "url": "https://mactekcorp.com/product6a.php"
          },
          {
            "title": "General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have patches for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/55174"
          },
          {
            "title": "VECTOR_DTM_Installer_V1.00.1",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53668"
          },
          {
            "title": "SVI_II_AP_DTM_Installer_V2.10.1",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53671"
          },
          {
            "title": "SVi1000_DTM_Installer_V1.00.1",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53670"
          },
          {
            "title": "12400_DTM_Installer_V1.00.1",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53669"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.geoilandgas.com/securityadvisory"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9203"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9203"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/72524"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge.com/"
          },
          {
            "trust": 0.3,
            "url": "https://mactekcorp.com/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01a"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "BID",
            "id": "72524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "db": "BID",
            "id": "72524"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-10T00:00:00",
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2015-02-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "date": "2015-02-05T00:00:00",
            "db": "BID",
            "id": "72524"
          },
          {
            "date": "2015-02-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "date": "2015-02-07T15:59:00.050000",
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "date": "2015-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-02-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-00995"
          },
          {
            "date": "2015-02-05T00:00:00",
            "db": "BID",
            "id": "72524"
          },
          {
            "date": "2015-02-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          },
          {
            "date": "2015-02-09T19:26:44.123000",
            "db": "NVD",
            "id": "CVE-2014-9203"
          },
          {
            "date": "2015-02-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MACTek Bullet DTM And multiple  GE DTM Used in products  HART DTM Buffer overflow vulnerability in library",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-007859"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer overflow",
        "sources": [
          {
            "db": "IVD",
            "id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201502-133"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201710-1117

    Vulnerability from variot - Updated: 2023-12-18 13:19

    A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1117",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.0"
          },
          {
            "model": "cimplicity",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.0"
          },
          {
            "model": "electric cimplicity",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "general",
            "version": "\u003c=9.0"
          },
          {
            "model": "intelligent platforms proficy hmi\\/scada cimplicity",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "9.0"
          },
          {
            "model": "cimplicity",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "ge",
            "version": "9.0"
          },
          {
            "model": "cimplicity",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "ge",
            "version": "9.5"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "intelligent platforms proficy hmi scada cimplicity",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "BID",
            "id": "101174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "9.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Atch of CyberX",
        "sources": [
          {
            "db": "BID",
            "id": "101174"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-12732",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.9,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 4.4,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.9,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2017-12732",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-29156",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "0e1531b5-5828-444b-a091-2b4ac221507d",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2017-12732",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-12732",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-29156",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201710-365",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "0e1531b5-5828-444b-a091-2b4ac221507d",
                "trust": 0.2,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "BID",
            "id": "101174"
          },
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-12732",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-278-01",
            "trust": 2.5
          },
          {
            "db": "BID",
            "id": "101174",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-278-01A",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "0E1531B5-5828-444B-A091-2B4AC221507D",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "BID",
            "id": "101174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "id": "VAR-201710-1117",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          }
        ],
        "trust": 1.5777778
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:19:19.925000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "CIMPLICITY",
            "trust": 0.8,
            "url": "https://www.ge.com/digital/products/cimplicity"
          },
          {
            "title": "Patch for GE CIMPLICITY Stack Buffer Overflow Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/103267"
          },
          {
            "title": "GE CIMPLICITY Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75479"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/101174"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12732"
          },
          {
            "trust": 0.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01a"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12732"
          },
          {
            "trust": 0.3,
            "url": "https://www.ge.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "BID",
            "id": "101174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "db": "BID",
            "id": "101174"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-09T00:00:00",
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "date": "2017-10-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "date": "2017-10-05T00:00:00",
            "db": "BID",
            "id": "101174"
          },
          {
            "date": "2017-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "date": "2017-10-05T21:29:00.193000",
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "date": "2017-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-10-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-29156"
          },
          {
            "date": "2017-10-05T00:00:00",
            "db": "BID",
            "id": "101174"
          },
          {
            "date": "2017-10-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "date": "2019-10-09T23:23:13.263000",
            "db": "NVD",
            "id": "CVE-2017-12732"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "GE CIMPLICITY Buffer error vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-008868"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error",
        "sources": [
          {
            "db": "IVD",
            "id": "0e1531b5-5828-444b-a091-2b4ac221507d"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201710-365"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201805-0946

    Vulnerability from variot - Updated: 2023-12-18 13:19

    In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. plural GE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. PACSystems RX3i CPE305/310, RX3i CPE330, RX3i CPE 400 are all GE programmable programmable controller products. GE PACSystems are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot and change its state, denying service to legitimate users. GE PACSystems RX3i CPE305, etc. A security vulnerability exists in several GE products due to the program not properly validating input

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201805-0946",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "pacsystems rsti-ep cpe 100",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "pacsystems rxi",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "pacsystems cpu320",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "pacsystems cru320",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "rx3i cpe 400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.30"
          },
          {
            "model": "rx3i cpe330",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.21"
          },
          {
            "model": "pacsystems rx3i cpe310",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.20"
          },
          {
            "model": "pacsystems rx3i cpe305",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "ge",
            "version": "9.20"
          },
          {
            "model": "pacsystems cpu320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "pacsystems cru320",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "pacsystems rsti-ep cpe 100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "pacsystems rx3i cpe305",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.20"
          },
          {
            "model": "pacsystems rx3i cpe310",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.20"
          },
          {
            "model": "pacsystems rxi",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "general electric",
            "version": null
          },
          {
            "model": "rx3i cpe 400",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.30"
          },
          {
            "model": "rx3i cpe330",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "general electric",
            "version": "9.21"
          },
          {
            "model": "pacsystems rx3i cpe305/310",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ge",
            "version": "\u003c=9.20"
          },
          {
            "model": "rx3i cpe330",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "ge",
            "version": "\u003c=9.21"
          },
          {
            "model": "rx3i cpe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "400\u003c=9.30"
          },
          {
            "model": "pacsystems rsti-ep cpe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "100"
          },
          {
            "model": "pacsystems cpu320/cru320 rxi",
            "scope": null,
            "trust": 0.6,
            "vendor": "ge",
            "version": null
          },
          {
            "model": "pacsystems rx3i cpe305",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "9.20"
          },
          {
            "model": "pacsystems rx3i cpe310",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "9.20"
          },
          {
            "model": "rx3i cpe 400",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "9.30"
          },
          {
            "model": "rx3i cpe330",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "ge",
            "version": "9.21"
          },
          {
            "model": "electric pacsystems rxi cru320",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          },
          {
            "model": "electric pacsystems rxi cpu320",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          },
          {
            "model": "electric pacsystems rx3i cpe400",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "9.30"
          },
          {
            "model": "electric pacsystems rx3i cpe330",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "9.21"
          },
          {
            "model": "electric pacsystems rx3i cpe310",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "9.20"
          },
          {
            "model": "electric pacsystems rx3i cpe305",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "9.20"
          },
          {
            "model": "electric pacsystems rsti-ep cpe100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "general",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems rx3i cpe305",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems rx3i cpe310",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "rx3i cpe330",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "rx3i cpe 400",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems rsti ep cpe 100",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems cpu320",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems cru320",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "pacsystems rxi",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_rx3i_cpe305_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "9.20",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_rx3i_cpe305:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_rx3i_cpe310_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "9.20",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_rx3i_cpe310:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "9.21",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:rx3i_cpe330:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:rx3i_cpe_400_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "9.30",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:rx3i_cpe_400:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_rsti-ep_cpe_100_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_rsti-ep_cpe_100:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_cpu320_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_cpu320:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_cru320_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_cru320:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:ge:pacsystems_rxi_firmware:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:ge:pacsystems_rxi:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Younes Dragoni of Nozomi Networks.",
        "sources": [
          {
            "db": "BID",
            "id": "104241"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-8867",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 7.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-8867",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-10002",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2efad9f-39ab-11e9-a104-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-138899",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-8867",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-8867",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-10002",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-657",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2efad9f-39ab-11e9-a104-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-138899",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. plural GE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. PACSystems RX3i CPE305/310, RX3i CPE330, RX3i CPE 400 are all GE programmable programmable controller products. GE PACSystems are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the device to reboot and change its state, denying service to legitimate users. GE PACSystems RX3i CPE305, etc. A security vulnerability exists in several GE products due to the program not properly validating input",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-8867",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-137-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "104241",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2EFAD9F-39AB-11E9-A104-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-98955",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "id": "VAR-201805-0946",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          }
        ],
        "trust": 1.7916666666666665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:19:07.825000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.geautomation.com/"
          },
          {
            "title": "GE\u0027s various PACSystems products enter patches for verification error vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/129709"
          },
          {
            "title": "Multiple GE Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83577"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-137-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/104241"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8867"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8867"
          },
          {
            "trust": 0.3,
            "url": "http://www.ge.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-22T00:00:00",
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "date": "2018-05-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "date": "2018-05-17T00:00:00",
            "db": "BID",
            "id": "104241"
          },
          {
            "date": "2018-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "date": "2018-05-18T20:29:00.323000",
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "date": "2018-05-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-22T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10002"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-138899"
          },
          {
            "date": "2018-05-17T00:00:00",
            "db": "BID",
            "id": "104241"
          },
          {
            "date": "2018-07-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          },
          {
            "date": "2019-10-09T23:42:59.317000",
            "db": "NVD",
            "id": "CVE-2018-8867"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  GE Vulnerability related to input validation in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-005302"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Input validation error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2efad9f-39ab-11e9-a104-000c29342cb1"
          },
          {
            "db": "BID",
            "id": "104241"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-657"
          }
        ],
        "trust": 1.1
      }
    }