Vulnerability Details CVE-2014-0751
The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.9%
CVSS Severity
CVSS v2 Score 6.8
References
- http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
- http://www.securityfocus.com/bid/65124
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
- http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
- http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
- http://www.securityfocus.com/bid/65117
Products affected by CVE-2014-0751
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi%2fscada_cimplicity:8.2
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:4.01
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:7.5
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.0
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.1
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.2
-
cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-