FKIE_CVE-2014-0751

Vulnerability from fkie_nvd - Published: 2014-01-25 22:55 - Updated: 2025-08-22 23:15
Severity ?
Summary
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.
References
ics-cert@hq.dhs.govhttp://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
ics-cert@hq.dhs.govhttp://www.securityfocus.com/bid/65124
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
af854a3a-2127-422b-91ae-364da2661108http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
af854a3a-2127-422b-91ae-364da2661108http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/65117
Impacted products
Vendor Product Version
ge intelligent_platforms_proficy_hmi\%2fscada_cimplicity *
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.1
ge intelligent_platforms_proficy_hmi\/scada_cimplicity 8.2
ge intelligent_platforms_proficy_process_systems_with_cimplicity -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\%2fscada_cimplicity:*:sim24:*:*:*:*:*:*",
              "matchCriteriaId": "4C5EDB9D-01CD-4843-86CD-C834B726ACF1",
              "versionEndIncluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9711EA-2C95-41FA-8827-01FCB0ED4B06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CIMPLICITY Web-based access component, CimWebServer, does not check \nthe location of shell files being loaded into the system. By modifying \nthe source location, an attacker could send shell code to the \nCimWebServer which would deploy the nefarious files as part of any SCADA\n project. This could allow the attacker to execute arbitrary code."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en CimWebServer.exe (tambi\u00e9n conocido como el componente WebView) en GE Intelligent Platforms Proficy HMI / SCADA - CIMPLICITY anterior a  8.2 SIM  24 y Proficy Process con CIMPLICITY, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje manipulado a puerto TCP 10212  , tambi\u00e9n conocido como ZDI-CAN-1623."
    }
  ],
  "id": "CVE-2014-0751",
  "lastModified": "2025-08-22T23:15:30.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-25T22:55:04.583",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15939"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.securityfocus.com/bid/65124"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/65117"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.