CVSS: 4.7EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2823
https://notcve.org/view.php?id=CVE-2013-2823
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. El driver (1) Catapult DNP3 I/O anterior a la versión 7.2.0.60 y el driver (2) GE Intelligent Platforms Proficy DNP3 I/O anterior a la versión 7.20k, tal y como se usa en DNPDrv.exe (también conocido como servidor de estación maestro DNP) en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY y iFIX, permite físicamente a atacantes próximos provocar una denegación de servicio (bucle infinito) a través de una entrada manipulada sobre una linea de serie. • http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01 http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02 http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805 http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 2%CPEs: 5EXPL: 0CVE-2013-0653 – GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
https://notcve.org/view.php?id=CVE-2013-0653
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. Vulnerabilidad de salto de directorio en substitute.bcl en el subsistema WebView CimWeb en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos lectura de ficheros arbitrarios a través de un paquete manipulado. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0654
https://notcve.org/view.php?id=CVE-2013-0654
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. CimWebServer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 a la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos ejecutar comandos arbitrarios o causar una denegación de servicio (caída del demonio) a través de un paquete manipulado. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-4689
https://notcve.org/view.php?id=CVE-2012-4689
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. Un desbordamiento de entero en CimWebServer.exe en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY v4.01 hasta la v8.0, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con formato incorrecto. • http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153 http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf • CWE-189: Numeric Errors •