CVE-2014-0751 – GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0751
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. Vulnerabilidad de salto de directorio en CimWebServer.exe (también conocido como el componente WebView) en GE Intelligent Platforms Proficy HMI / SCADA - CIMPLICITY anterior a 8.2 SIM 24 y Proficy Process con CIMPLICITY, permite a atacantes remotos ejecutar código arbitrario a través de un mensaje manipulado a puerto TCP 10212 , también conocido como ZDI-CAN-1623. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. • http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940 http://www.securityfocus.com/bid/65117 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2014-0750 – GE Proficy CIMPLICITY gefebt.exe File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0750
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Vulnerabilidad de recorrido de directorios en gefebt.exe en los componentes WebView CimWeb de GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY hasta 8.2 SIM 24, y Proficy Process Systems with CIMPLICITY, permite a atacantes remotos ejecutar código de forma arbitraria a través de una petición HTTP manipulada, tambien conocido como ZDI-CAN-1622. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. • https://www.exploit-db.com/exploits/31987 http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 http://www.securityfocus.com/bid/65124 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-2785 – GE Proficy CIMPLICITY CimWebServer Broadcase/Init Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2785
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. Múltiples vulnerabilidades de desbordamiento de búfer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY anterior a 8.0 SIM 27, 8.1 anterior a SIM 25, y 8.2 anterior a SIM 19, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos la ejecución de código arbitrario a través de datos manipulados en paquetes TCP hacia el puerto 10212. Aka ZDI-CAN-1621 y ZDI-CAN-1624. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. • http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01 http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0653 – GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
https://notcve.org/view.php?id=CVE-2013-0653
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. Vulnerabilidad de salto de directorio en substitute.bcl en el subsistema WebView CimWeb en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos lectura de ficheros arbitrarios a través de un paquete manipulado. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2013-0654
https://notcve.org/view.php?id=CVE-2013-0654
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. CimWebServer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos ejecutar comandos arbitrarios o causar una denegación de servicio (caída del demonio) a través de un paquete manipulado. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf • CWE-20: Improper Input Validation •