Details of VAR-201301-0372

ID

VAR-201301-0372

CVE

CVE-2013-0654

TITLE

GE Proficy CIMPLICITY Command execution vulnerability

Trust: 0.8

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00506

DESCRIPTION

CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: GE Intelligent Platforms Products Two Vulnerabilities SECUNIA ADVISORY ID: SA51936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936 RELEASE DATE: 2013-01-24 DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system. 1) An unspecified error exists within the WebView CimWeb component (substitute.bcl) and can be exploited to disclose arbitrary files via directory traversal attacks. 2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet. NOTE: CIMPLICITY built-in Web server component is not enabled by default. The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2013-0654 // JVNDB: JVNDB-2013-001290 // CNVD: CNVD-2013-00506 // BID: 57505 // IVD: 1f537014-2353-11e6-abef-000c29c66e3d // PACKETSTORM: 119821

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00506

AFFECTED PRODUCTS

vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	7.5	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	8.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	4.01	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy process systems with cimplicity	scope:	eq	version:	-	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy process systems	scope:	eq	version:	-	Trust: 1.0
vendor:	general electric	model:	proficy hmi/scada - cimplicity	scope:	eq	version:	4.01 and later	Trust: 0.8
vendor:	general electric	model:	proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.8
vendor:	general	model:	electric proficy hmi/scada \342\200\223 cimplicity	scope:	lte	version:	<=4.01	Trust: 0.6
vendor:	general	model:	electric proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.6
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	4.01	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	7.5	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	8.0	Trust: 0.2

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00506 // JVNDB: JVNDB-2013-001290 // CNNVD: CNNVD-201301-448 // NVD: CVE-2013-0654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-0654
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-0654
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201301-448
value:	CRITICAL
Trust: 0.6
IVD:	1f537014-2353-11e6-abef-000c29c66e3d
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2013-0654
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	1f537014-2353-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2013-001290 // CNNVD: CNNVD-201301-448 // NVD: CVE-2013-0654

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2013-001290 // NVD: CVE-2013-0654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-448

TYPE

Input validation

Trust: 0.8

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201301-448

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-001290

PATCH

title:	Proficy HMI/SCADA - CIMPLICITY	url:	http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819	Trust: 0.8
title:	監視制御ソフトウェア(SCADA) CIMPLICITY	url:	http://www.ge-ip.co.jp/cimpli-ta.html	Trust: 0.8
title:	Patch for GE Proficy CIMPLICITY Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/31191	Trust: 0.6

sources: CNVD: CNVD-2013-00506 // JVNDB: JVNDB-2013-001290

EXTERNAL IDS

db:	NVD	id:	CVE-2013-0654	Trust: 3.5
db:	ICS CERT	id:	ICSA-13-022-02	Trust: 3.4
db:	BID	id:	57505	Trust: 0.9
db:	CNVD	id:	CNVD-2013-00506	Trust: 0.8
db:	CNNVD	id:	CNNVD-201301-448	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-001290	Trust: 0.8
db:	SECUNIA	id:	51936	Trust: 0.8
db:	IVD	id:	1F537014-2353-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	119821	Trust: 0.1

sources: IVD: 1f537014-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-00506 // BID: 57505 // JVNDB: JVNDB-2013-001290 // PACKETSTORM: 119821 // CNNVD: CNNVD-201301-448 // NVD: CVE-2013-0654

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf	Trust: 3.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0654	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0654	Trust: 0.8
url:	http://secunia.com/advisories/51936	Trust: 0.6
url:	http://www.securityfocus.com/bid/57505	Trust: 0.6
url:	http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819	Trust: 0.3
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=51936	Trust: 0.1
url:	http://secunia.com/advisories/51936/	Trust: 0.1
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/advisories/51936/#comments	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/blog/325/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2013-00506 // BID: 57505 // JVNDB: JVNDB-2013-001290 // PACKETSTORM: 119821 // CNNVD: CNNVD-201301-448 // NVD: CVE-2013-0654

CREDITS

Vendor reported these issues.

Trust: 0.3

sources: BID: 57505

SOURCES

db:	IVD	id:	1f537014-2353-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-00506
db:	BID	id:	57505
db:	JVNDB	id:	JVNDB-2013-001290
db:	PACKETSTORM	id:	119821
db:	CNNVD	id:	CNNVD-201301-448
db:	NVD	id:	CVE-2013-0654

LAST UPDATE DATE

2024-11-23T22:27:29.675000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-00506	date:	2013-01-24T00:00:00
db:	BID	id:	57505	date:	2013-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001290	date:	2013-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201301-448	date:	2013-01-28T00:00:00
db:	NVD	id:	CVE-2013-0654	date:	2024-11-21T01:47:57.213

SOURCES RELEASE DATE

db:	IVD	id:	1f537014-2353-11e6-abef-000c29c66e3d	date:	2013-01-24T00:00:00
db:	CNVD	id:	CNVD-2013-00506	date:	2013-01-24T00:00:00
db:	BID	id:	57505	date:	2013-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-001290	date:	2013-01-29T00:00:00
db:	PACKETSTORM	id:	119821	date:	2013-01-25T03:08:56
db:	CNNVD	id:	CNNVD-201301-448	date:	2013-01-24T00:00:00
db:	NVD	id:	CVE-2013-0654	date:	2013-01-27T18:55:03.493