Vulnerability Details CVE-2017-12732
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 4.9
References
Products affected by CVE-2017-12732
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:4.01
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:7.5
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.0
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.1
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:8.2
-
cpe:2.3:a:ge:intelligent_platforms_proficy_hmi/scada_cimplicity:9.0