Details of VAR-201301-0371

ID

VAR-201301-0371

CVE

CVE-2013-0653

TITLE

GE Proficy CIMPLICITY Directory Traversal Vulnerability

Trust: 1.4

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00503 // CNNVD: CNNVD-201301-447

DESCRIPTION

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: GE Intelligent Platforms Products Two Vulnerabilities SECUNIA ADVISORY ID: SA51936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936 RELEASE DATE: 2013-01-24 DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system. 2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet. NOTE: CIMPLICITY built-in Web server component is not enabled by default. The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2013-0653 // JVNDB: JVNDB-2013-001289 // CNVD: CNVD-2013-00503 // BID: 57505 // IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 119821

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00503

AFFECTED PRODUCTS

vendor:	ge	model:	intelligent platforms proficy process systems with cimplicity	scope:	eq	version:	-	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	7.5	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	4.01	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	8.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy process systems	scope:	eq	version:	-	Trust: 1.0
vendor:	general electric	model:	proficy hmi/scada - cimplicity	scope:	eq	version:	4.01 and later	Trust: 0.8
vendor:	general electric	model:	proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.8
vendor:	general	model:	electric proficy hmi/scada \342\200\223 cimplicity	scope:	lte	version:	<=4.01	Trust: 0.6
vendor:	general	model:	electric proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.6
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	4.01	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	7.5	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	8.0	Trust: 0.2

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00503 // JVNDB: JVNDB-2013-001289 // CNNVD: CNNVD-201301-447 // NVD: CVE-2013-0653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0653
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-0653
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201301-447
value:	MEDIUM
Trust: 0.6
IVD:	1f593d28-2353-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2

nvd@nist.gov:	CVE-2013-0653
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	1f593d28-2353-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001289 // CNNVD: CNNVD-201301-447 // NVD: CVE-2013-0653

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2013-001289 // NVD: CVE-2013-0653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-447

TYPE

Path traversal

Trust: 0.8

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201301-447

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001289

PATCH

title:	Proficy HMI/SCADA - CIMPLICITY	url:	http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819	Trust: 0.8
title:	監視制御ソフトウェア(SCADA) CIMPLICITY	url:	http://www.ge-ip.co.jp/cimpli-ta.html	Trust: 0.8
title:	GE Proficy CIMPLICITY Directory Traversal Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/31211	Trust: 0.6

sources: CNVD: CNVD-2013-00503 // JVNDB: JVNDB-2013-001289

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0653	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-022-02	Trust: 3.4
db:	BID	id:	57505	Trust: 0.9
db:	CNVD	id:	CNVD-2013-00503	Trust: 0.8
db:	CNNVD	id:	CNNVD-201301-447	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001289	Trust: 0.8
db:	SECUNIA	id:	51936	Trust: 0.8
db:	IVD	id:	1F593D28-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	119821	Trust: 0.1

sources: IVD: 1f593d28-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00503 // BID: 57505 // JVNDB: JVNDB-2013-001289 // PACKETSTORM: 119821 // CNNVD: CNNVD-201301-447 // NVD: CVE-2013-0653

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0653	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0653	Trust: 0.8
url:	http://secunia.com/advisories/51936	Trust: 0.6
url:	http://www.securityfocus.com/bid/57505	Trust: 0.6
url:	http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51936	Trust: 0.1
url:	http://secunia.com/advisories/51936/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/51936/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2013-00503 // BID: 57505 // JVNDB: JVNDB-2013-001289 // PACKETSTORM: 119821 // CNNVD: CNNVD-201301-447 // NVD: CVE-2013-0653

CREDITS

Vendor reported these issues.

Trust: 0.3

sources: BID: 57505

SOURCES

db:	IVD	id:	1f593d28-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-00503
db:	BID	id:	57505
db:	JVNDB	id:	JVNDB-2013-001289
db:	PACKETSTORM	id:	119821
db:	CNNVD	id:	CNNVD-201301-447
db:	NVD	id:	CVE-2013-0653

LAST UPDATE DATE

2024-11-23T22:27:29.635000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00503	date:	2013-05-27T00:00:00
db:	BID	id:	57505	date:	2013-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001289	date:	2013-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201301-447	date:	2013-01-28T00:00:00
db:	NVD	id:	CVE-2013-0653	date:	2024-11-21T01:47:57.110

SOURCES RELEASE DATE

db:	IVD	id:	1f593d28-2353-11e6-abef-000c29c66e3d	date:	2013-01-24T00:00:00
db:	CNVD	id:	CNVD-2013-00503	date:	2013-01-24T00:00:00
db:	BID	id:	57505	date:	2013-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001289	date:	2013-01-29T00:00:00
db:	PACKETSTORM	id:	119821	date:	2013-01-25T03:08:56
db:	CNNVD	id:	CNNVD-201301-447	date:	2013-01-24T00:00:00
db:	NVD	id:	CVE-2013-0653	date:	2013-01-27T18:55:03.460