VAR-202211-1447
Vulnerability from variot - Updated: 2023-12-18 11:55GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE) in the United States. Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making.
There are security vulnerabilities in GE CIMPLICITY HMI/SCADA Software 2022 and earlier versions, which may be exploited by attackers to affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202211-1447",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2022"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "2022 and earlier"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "cimplicity hmi/scada software",
"scope": "lte",
"trust": 0.6,
"vendor": "ge",
"version": "\u003c=2022"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2022",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"cve": "CVE-2022-2952",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-85524",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-2952",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-2952",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2022-2952",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-85524",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202211-3423",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPICITY versions 2022 and prior is \n\nvulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. General Electric Company of CIMPLICITY Exists in an uninitialized pointer access vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. GE CIMPLICITY HMI/SCADA Software is an automated industrial platform of General Electric (GE) in the United States. Provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. \n\r\n\r\nThere are security vulnerabilities in GE CIMPLICITY HMI/SCADA Software 2022 and earlier versions, which may be exploited by attackers to affect the confidentiality, availability, or integrity of the system. There are currently no vulnerability details. GE CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-2952",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-22-326-04",
"trust": 2.5
},
{
"db": "AUSCERT",
"id": "ESB-2022.6117",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU95378145",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-85524",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-2952",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"id": "VAR-202211-1447",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
}
],
"trust": 1.1769231
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
}
]
},
"last_update_date": "2023-12-18T11:55:56.849000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for GE CIMPLICITY HMI/SCADA Software has an unknown vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/364081"
},
{
"title": "GE CIMPLICITY HMI/SCADA Software Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=216703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-824",
"trust": 1.0
},
{
"problemtype": "Accessing uninitialized pointers (CWE-824) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2952"
},
{
"trust": 1.2,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6117"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95378145/index.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-2952/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"db": "VULMON",
"id": "CVE-2022-2952"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-11-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"date": "2023-11-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"date": "2022-12-07T23:15:10.003000",
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"date": "2022-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-85524"
},
{
"date": "2023-11-17T08:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-022588"
},
{
"date": "2023-11-07T03:47:08.217000",
"db": "NVD",
"id": "CVE-2022-2952"
},
{
"date": "2022-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General\u00a0Electric\u00a0Company\u00a0 of \u00a0CIMPLICITY\u00a0 Vulnerability in accessing uninitialized pointers in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-022588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202211-3423"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…