Vulnerabilities > GE > Intelligent Platforms Proficy HMI Scada Cimplicity

DATE CVE VULNERABILITY TITLE RISK
2017-10-05 CVE-2017-12732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior.
4.9
2015-01-17 CVE-2014-2355 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
local
ge CWE-119
6.9
2014-01-25 CVE-2014-0751 Path Traversal vulnerability in GE products
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.
network
low complexity
ge CWE-22
7.5
2014-01-25 CVE-2014-0750 Path Traversal vulnerability in GE products
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
network
low complexity
ge CWE-22
7.5
2013-11-22 CVE-2013-2823 Improper Input Validation vulnerability in multiple products
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line.
4.7
2013-11-22 CVE-2013-2811 Improper Input Validation vulnerability in multiple products
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet.
7.1
2013-07-31 CVE-2013-2785 Buffer Errors vulnerability in GE products
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.
network
ge CWE-119
critical
9.3
2013-01-27 CVE-2013-0654 Improper Input Validation vulnerability in GE products
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
network
ge CWE-20
critical
9.3
2013-01-27 CVE-2013-0653 Path Traversal vulnerability in GE products
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
network
ge CWE-22
4.3
2013-01-17 CVE-2012-4689 Numeric Errors vulnerability in GE products
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
network
ge CWE-189
4.3