Vulnerabilities > GE > Intelligent Platforms Proficy HMI Scada Cimplicity > 7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-05 | CVE-2017-12732 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. | 4.9 |
| 2015-01-17 | CVE-2014-2355 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. | 6.9 |
| 2014-01-25 | CVE-2014-0751 | Path Traversal vulnerability in GE products Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. | 7.5 |
| 2014-01-25 | CVE-2014-0750 | Path Traversal vulnerability in GE products Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. | 7.5 |
| 2013-11-22 | CVE-2013-2823 | Improper Input Validation vulnerability in multiple products The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | 4.7 |
| 2013-11-22 | CVE-2013-2811 | Improper Input Validation vulnerability in multiple products The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. | 7.1 |
| 2013-01-27 | CVE-2013-0654 | Improper Input Validation vulnerability in GE products CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. | 9.3 |
| 2013-01-27 | CVE-2013-0653 | Path Traversal vulnerability in GE products Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. | 4.3 |
| 2013-01-17 | CVE-2012-4689 | Numeric Errors vulnerability in GE products Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. | 4.3 |