CVE-2014-0751
N/A
N/A
Summary
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GE | Proficy HMI/SCADA - CIMPLICITY | 4.01 < 8.2 | affected |
| GE | Proficy Process Systems with CIMPLICITY | all versions | affected |
Weaknesses
- CWE-22: CWE-22
ADP Enrichment
CVE Program Container
Additional References
- http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
- http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
- http://www.securityfocus.com/bid/65117
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
- http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
- http://www.securityfocus.com/bid/65124
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.