cvelistv5 - CVE-2016-9360

CVE-2016-9360 (GCVE-0-2016-9360)

Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-06 02:50

Summary

Severity ?

No CVSS data available.

CWE

GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords

Assigner

icscert

References

URL

Tags

	http://www.securitytracker.com/id/1037809	vdb-entryx_refsource_SECTRACK
	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A	x_refsource_MISC
	http://www.securityfocus.com/bid/95630	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian	Affected: GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:36.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037809",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037809"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
          },
          {
            "name": "95630",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95630"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian"
            }
          ]
        }
      ],
      "datePublic": "2017-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-24T12:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "1037809",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037809"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
        },
        {
          "name": "95630",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95630"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037809",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037809"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
            },
            {
              "name": "95630",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95630"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2016-9360",
    "datePublished": "2017-02-13T21:00:00",
    "dateReserved": "2016-11-16T00:00:00",
    "dateUpdated": "2024-08-06T02:50:36.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.0\", \"matchCriteriaId\": \"B1F646B5-A9D5-4D7A-A39E-B7393B2926B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0\", \"matchCriteriaId\": \"58D8576D-3745-47AC-AFB5-AD7BEC33E906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.8\", \"matchCriteriaId\": \"D226196E-5F36-4919-B975-AFDAE6340855\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versi\\u00f3n 9.0 y versiones anteriores y Proficy Historian Versi\\u00f3n 6.0 y versiones anteriores. Un atacante puede recuperar contrase\\u00f1as de usuario si tiene acceso a una sesi\\u00f3n autenticada.\"}]",
      "id": "CVE-2016-9360",
      "lastModified": "2024-11-21T03:01:01.070",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 5.3}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-02-13T21:59:02.050",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95630\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037809\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/95630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1037809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-522\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-9360\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2017-02-13T21:59:02.050\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versi\u00f3n 9.0 y versiones anteriores y Proficy Historian Versi\u00f3n 6.0 y versiones anteriores. Un atacante puede recuperar contrase\u00f1as de usuario si tiene acceso a una sesi\u00f3n autenticada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.3}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.0\",\"matchCriteriaId\":\"B1F646B5-A9D5-4D7A-A39E-B7393B2926B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0\",\"matchCriteriaId\":\"58D8576D-3745-47AC-AFB5-AD7BEC33E906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.8\",\"matchCriteriaId\":\"D226196E-5F36-4919-B975-AFDAE6340855\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95630\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037809\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/95630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1037809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

VAR-201702-0859

Vulnerability from variot - Updated: 2023-12-18 13:39

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0859",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cimplicity",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "9.0"
      },
      {
        "model": "historian",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "6.0"
      },
      {
        "model": "ifix",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "5.8"
      },
      {
        "model": "cimplicity",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "9.0"
      },
      {
        "model": "historian",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "6.0"
      },
      {
        "model": "ifix",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.8 sim 13"
      },
      {
        "model": "electric proficy historian",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general",
        "version": "\u003c=6.0"
      },
      {
        "model": "electric proficy hmi/scada cimplicity",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general",
        "version": "\u003c=9.0"
      },
      {
        "model": "electric proficy hmi/scada ifix sim",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general",
        "version": "\u003c=5.813"
      },
      {
        "model": "historian",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "6.0"
      },
      {
        "model": "ifix",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "5.8"
      },
      {
        "model": "cimplicity",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "9.0"
      },
      {
        "model": "proficy hmi/scada ifix sim",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.813"
      },
      {
        "model": "proficy hmi/scada ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.5"
      },
      {
        "model": "proficy hmi/scada ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.1"
      },
      {
        "model": "proficy hmi/scada ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.0"
      },
      {
        "model": "proficy hmi/scada ifix",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4.0"
      },
      {
        "model": "proficy hmi/scada cimplicity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "9.0"
      },
      {
        "model": "proficy hmi/scada cimplicity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "8.0"
      },
      {
        "model": "proficy hmi/scada cimplicity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7.0"
      },
      {
        "model": "proficy historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "6.0"
      },
      {
        "model": "proficy historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.5"
      },
      {
        "model": "proficy historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4.5"
      },
      {
        "model": "proficy historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "4.0"
      },
      {
        "model": "proficy historian",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ge",
        "version": "3.5"
      },
      {
        "model": "proficy hmi/scada ifix sim",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "5.814"
      },
      {
        "model": "proficy hmi/scada cimplicity",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "9.5"
      },
      {
        "model": "proficy historian",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "ge",
        "version": "7.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "cimplicity",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "historian",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "ifix",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "95630"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-9360",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-9360",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "CNVD-2017-00906",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 1.9,
            "id": "8e677a52-d1d3-4559-96bd-040386314b48",
            "impactScore": 8.5,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "impactScore": 5.3,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 6.7,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-9360",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-9360",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-00906",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201701-692",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "8e677a52-d1d3-4559-96bd-040386314b48",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9360",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "95630",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-336-05",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-16-336-05A",
        "trust": 1.6
      },
      {
        "db": "SECTRACK",
        "id": "1037809",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "8E677A52-D1D3-4559-96BD-040386314B48",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "id": "VAR-201702-0859",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      }
    ],
    "trust": 1.4808041200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:39:04.182000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://digitalsupport.ge.com/communities/cc_home"
      },
      {
        "title": "Patches for multiple GE product local information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/88599"
      },
      {
        "title": "Multiple GE Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67287"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/95630"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1037809"
      },
      {
        "trust": 1.6,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05a"
      },
      {
        "trust": 1.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9360"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-9360"
      },
      {
        "trust": 0.3,
        "url": "https://www.ge.com/"
      },
      {
        "trust": 0.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05 "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-05T00:00:00",
        "db": "IVD",
        "id": "8e677a52-d1d3-4559-96bd-040386314b48"
      },
      {
        "date": "2017-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "date": "2017-01-17T00:00:00",
        "db": "BID",
        "id": "95630"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "date": "2017-02-13T21:59:02.050000",
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "date": "2017-01-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-02-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-00906"
      },
      {
        "date": "2017-01-23T03:11:00",
        "db": "BID",
        "id": "95630"
      },
      {
        "date": "2017-03-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      },
      {
        "date": "2022-02-03T19:40:11.877000",
        "db": "NVD",
        "id": "CVE-2016-9360"
      },
      {
        "date": "2022-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "95630"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  General Electric Proficy Vulnerability to obtain user password in product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-007952"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201701-692"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-00906

Vulnerability from cnvd - Published: 2017-02-05

Title

多款GE产品本地信息泄露漏洞

Description

GE Proficy HMI/SCADA-CIMPLICITY是美国通用电气（GE）公司的一款基于客户端/服务器的HMI/SCADA解决方案。该方案能够在企业各个层级之间采集并共享实时和历史数据，实现过程、设备、资源监控的操作可视化。Proficy Historian一个能高速收集、归档和分配超大量实时数据的工厂系统，它显著地提高了运营的能见度以及盈亏结算线。 Proficy HMI/SCADA iFIX 5.8 SIM 13及其之前的版本，Proficy HMI/SCADA CIMPLICITY 9.0及其之前的版本和Proficy Historian 6.0及其之前的版本存在本地信息泄露漏洞。本地攻击者可利用此漏洞获取敏感信息。

Severity

中

Patch Name

多款GE产品本地信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05

Impacted products

Name
['General Electric Proficy Historian <=6.0', 'General Electric Proficy HMI/SCADA CIMPLICITY <=9.0', 'General Electric Proficy HMI/SCADA iFIX <=5.8 SIM 13']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95630"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9360",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9360"
    }
  },
  "description": "GE Proficy HMI/SCADA-CIMPLICITY\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u5ba2\u6237\u7aef/\u670d\u52a1\u5668\u7684HMI/SCADA\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u5728\u4f01\u4e1a\u5404\u4e2a\u5c42\u7ea7\u4e4b\u95f4\u91c7\u96c6\u5e76\u5171\u4eab\u5b9e\u65f6\u548c\u5386\u53f2\u6570\u636e\uff0c\u5b9e\u73b0\u8fc7\u7a0b\u3001\u8bbe\u5907\u3001\u8d44\u6e90\u76d1\u63a7\u7684\u64cd\u4f5c\u53ef\u89c6\u5316\u3002Proficy Historian\u4e00\u4e2a\u80fd\u9ad8\u901f\u6536\u96c6\u3001\u5f52\u6863\u548c\u5206\u914d\u8d85\u5927\u91cf\u5b9e\u65f6\u6570\u636e\u7684\u5de5\u5382\u7cfb\u7edf\uff0c\u5b83\u663e\u8457\u5730\u63d0\u9ad8\u4e86\u8fd0\u8425\u7684\u80fd\u89c1\u5ea6\u4ee5\u53ca\u76c8\u4e8f\u7ed3\u7b97\u7ebf\u3002\r\n\r\nProficy HMI/SCADA iFIX 5.8 SIM 13\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\uff0cProficy HMI/SCADA CIMPLICITY 9.0\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\u548cProficy Historian 6.0\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "General Electric",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://ics-cert.us-cert.gov/advisories/ICSA-16-336-05",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00906",
  "openTime": "2017-02-05",
  "patchDescription": "GE Proficy HMI/SCADA-CIMPLICITY\u662f\u7f8e\u56fd\u901a\u7528\u7535\u6c14\uff08GE\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8e\u5ba2\u6237\u7aef/\u670d\u52a1\u5668\u7684HMI/SCADA\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u5728\u4f01\u4e1a\u5404\u4e2a\u5c42\u7ea7\u4e4b\u95f4\u91c7\u96c6\u5e76\u5171\u4eab\u5b9e\u65f6\u548c\u5386\u53f2\u6570\u636e\uff0c\u5b9e\u73b0\u8fc7\u7a0b\u3001\u8bbe\u5907\u3001\u8d44\u6e90\u76d1\u63a7\u7684\u64cd\u4f5c\u53ef\u89c6\u5316\u3002Proficy Historian\u4e00\u4e2a\u80fd\u9ad8\u901f\u6536\u96c6\u3001\u5f52\u6863\u548c\u5206\u914d\u8d85\u5927\u91cf\u5b9e\u65f6\u6570\u636e\u7684\u5de5\u5382\u7cfb\u7edf\uff0c\u5b83\u663e\u8457\u5730\u63d0\u9ad8\u4e86\u8fd0\u8425\u7684\u80fd\u89c1\u5ea6\u4ee5\u53ca\u76c8\u4e8f\u7ed3\u7b97\u7ebf\u3002\r\n\r\nProficy HMI/SCADA iFIX 5.8 SIM 13\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\uff0cProficy HMI/SCADA CIMPLICITY 9.0\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\u548cProficy Historian 6.0\u53ca\u5176\u4e4b\u524d\u7684\u7248\u672c\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eGE\u4ea7\u54c1\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "General Electric Proficy Historian \u003c=6.0",
      "General Electric Proficy HMI/SCADA CIMPLICITY \u003c=9.0",
      "General Electric Proficy HMI/SCADA iFIX \u003c=5.8 SIM 13"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-20",
  "title": "\u591a\u6b3eGE\u4ea7\u54c1\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

GSD-2016-9360

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9360

Aliases

CVE-2016-9360

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9360",
    "description": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.",
    "id": "GSD-2016-9360"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9360"
      ],
      "details": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.",
      "id": "GSD-2016-9360",
      "modified": "2023-12-13T01:21:21.276819Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2016-9360",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1037809",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037809"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
          },
          {
            "name": "95630",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95630"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "9.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2016-9360"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
            },
            {
              "name": "95630",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95630"
            },
            {
              "name": "1037809",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037809"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 5.3
        }
      },
      "lastModifiedDate": "2022-02-03T19:40Z",
      "publishedDate": "2017-02-13T21:59Z"
    }
  }
}

FKIE_CVE-2016-9360

Vulnerability from fkie_nvd - Published: 2017-02-13 21:59 - Updated: 2025-04-20 01:37

Severity ?

6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/95630	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	http://www.securitytracker.com/id/1037809	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95630	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037809	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A	Mitigation, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ge	cimplicity	*
ge	historian	*
ge	ifix	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F646B5-A9D5-4D7A-A39E-B7393B2926B8",
              "versionEndIncluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D8576D-3745-47AC-AFB5-AD7BEC33E906",
              "versionEndIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D226196E-5F36-4919-B975-AFDAE6340855",
              "versionEndIncluding": "5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versi\u00f3n 9.0 y versiones anteriores y Proficy Historian Versi\u00f3n 6.0 y versiones anteriores. Un atacante puede recuperar contrase\u00f1as de usuario si tiene acceso a una sesi\u00f3n autenticada."
    }
  ],
  "id": "CVE-2016-9360",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.3,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-13T21:59:02.050",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95630"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037809"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-M2CQ-36CR-QCCV

Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04

Details

Severity ?

6.7 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9360"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-13T21:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.",
  "id": "GHSA-m2cq-36cr-qccv",
  "modified": "2022-05-13T01:04:01Z",
  "published": "2022-05-13T01:04:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9360"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95630"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037809"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9360 (GCVE-0-2016-9360)

VAR-201702-0859

CNVD-2017-00906

GSD-2016-9360

FKIE_CVE-2016-9360

GHSA-M2CQ-36CR-QCCV

Tags

Sightings

Nomenclature