CVE-2014-2355
N/A
Summary
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GE | Proficy HMI/SCADA–CIMPLICITY | 0 <= 8.2 | affected |
Weaknesses
- CWE-119: CWE-119
Workarounds
In cases where upgrading is not feasible, GE advises asset owners using CIMPLICITY versions prior to 8.1 to consider using the following recommendations that may mitigate or eliminate the impact of the vulnerability:
Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).
Avoid using .CIM files received from unknown sources.
Avoid sending unprotected .CIM files over unencrypted networks or public Internet.
Consider using a strong hashing algorithm to validate integrity of created .CIM files and ensure they have not been tampered with over time.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.