
CVSS: 7.1 | EPSS: 0% | CPEs: 19 | EXPL: 0

The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.

• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01
• http://ics-cert.us-cert.gov/advisories/ICSA-13-297-02
• http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15805
• http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/15000/KB15805/en_US/GEIP13-04%20Security%20Advisory%20-%20Proficy%20HMI%20SCADA%20DNP3%20Driver%20from%20Catapult%20Software.pdf
• CWE-20: Improper Input Validation

CVSS: 9.3 | EPSS: 31% | CPEs: 4 | EXPL: 0

Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability.

• http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01
• http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 2% | CPEs: 5 | EXPL: 0

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.

• http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.

• http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

• http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB15153
• http://www.us-cert.gov/control_systems/pdf/ICSA-12-341-01.pdf
• CWE-189: Numeric Errors