Vulnerability CVE-2013-2785


Published: 2013-07-31

Description:
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
GE -> Intelligent platforms proficy hmi/scada cimplicity 
GE -> Intelligent platforms proficy process systems with cimplicity 

 References:
http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602

Copyright 2024, cxsecurity.com

 

Back to Top