VAR-202202-0307
Vulnerability from variot - Updated: 2023-12-21 22:02

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. Proficy CIMPLICITY, an HMI and SCADA platform provided by GE Digital, contains a vulnerability involving cleartext communication of sensitive information (CWE-319, CVE-2022-21798): CIMPLICITY authentication information is communicated in clear text on the network. Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, providing operational visualization for process, equipment, and resource monitoring.
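There is an information leakage vulnerability in GE Proficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations. The sources in this record score it differently: NVD rates it 9.8 (CVSS 3.1, network attack vector, low attack complexity), while ICS-CERT rates it 7.5 (adjacent-network attack vector, high attack complexity), so the practical exposure depends on who is able to observe CIMPLICITY network traffic.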
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0307",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "proficy cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "ge \u30c7\u30b8\u30bf\u30eb",
"version": "all s"
},
{
"model": "proficy cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "ge \u30c7\u30b8\u30bf\u30eb",
"version": null
},
{
"model": "proficy cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Users are advised to refer to the",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
},
"cve": "CVE-2022-21798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-98795",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-001376",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-21798",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-21798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2022-001376",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2023-98795",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1761",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. GE Digital Provided by the company HMI and SCADA Is a platform Proficy CIMPLICITY There is a vulnerability in plaintext communication of sensitive information ( CWE-319 , CVE-2022-21798 ) Exists. CIMPLICITY Authentication information is communicated in clear text on the network.Authentication information sent in clear text may be stolen and the device may be manipulated illegally. GE CIMPLICITY is a client (server)-based HMI (SCADA) solution from General Electric (GE) in the United States. The solution can collect and share real-time and historical data between all levels of the enterprise, realizing process, equipment, Operational visualization of resource monitoring. \n\r\n\r\nThere is an information leakage vulnerability in GEProficy CIMPLICITY. An attacker can use this vulnerability to log in to the system and perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-21798",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-22-053-02",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU96846804",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-98795",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0787",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022305",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"id": "VAR-202202-0307",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
],
"trust": 1.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
}
]
},
"last_update_date": "2023-12-21T22:02:59.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Secure\u00a0Deployment\u00a0Guide (Login required) GE\u00a0Digital",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_login?starturl=%2fen_us%2fdocumentation%2fifix-secure-deployment-guide"
},
{
"title": "Patch for GE Proficy CIMPLICITY information leakage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/358056"
},
{
"title": "General Electric Proficy Cimplicity Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=185279"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Sending important information in clear text (CWE-319) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-02"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21798"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu96846804/"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-21798/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022305"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0787"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-053-02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"date": "2022-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"date": "2022-02-25T19:15:23.723000",
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"date": "2022-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-98795"
},
{
"date": "2022-02-28T07:33:00",
"db": "JVNDB",
"id": "JVNDB-2022-001376"
},
{
"date": "2022-03-08T15:38:39.317000",
"db": "NVD",
"id": "CVE-2022-21798"
},
{
"date": "2022-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE\u00a0Digital\u00a0 Made \u00a0Proficy\u00a0CIMPLICITY\u00a0 Vulnerability of plaintext communication of sensitive information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-001376"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1761"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.