Details of VAR-201401-0365

ID

VAR-201401-0365

CVE

CVE-2014-0751

TITLE

GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2014-001258

DESCRIPTION

Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. GE Proficy CIMPLICITY's CimWebServer based on WEB access fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it to any SCADA project and execute it with WEB privileges. The following products are affected: Proficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2 Proficy Process Systems with CIMPLICITY

Trust: 3.24

sources: NVD: CVE-2014-0751 // JVNDB: JVNDB-2014-001258 // ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // BID: 65117 // IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-00675

AFFECTED PRODUCTS

vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	7.5	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	8.0	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy process systems with cimplicity	scope:	eq	version:	-	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	4.01	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	8.2	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\/scada cimplicity	scope:	eq	version:	8.1	Trust: 1.6
vendor:	ge	model:	intelligent platforms proficy hmi\%2fscada cimplicity	scope:	lte	version:	8.2	Trust: 1.0
vendor:	general electric	model:	proficy hmi/scada - cimplicity	scope:	eq	version:	4.01 to 8.2	Trust: 0.8
vendor:	general electric	model:	proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.8
vendor:	ge	model:	proficy cimplicity	scope:	-	version:	-	Trust: 0.7
vendor:	general	model:	electric proficy process systems with cimplicity	scope:	-	version:	-	Trust: 0.6
vendor:	general	model:	electric proficy hmi/scada \342\200\223 cimplicity	scope:	eq	version:	4.01-8.2	Trust: 0.6
vendor:	ge	model:	intelligent platforms proficy hmi\%2fscada cimplicity	scope:	eq	version:	8.2	Trust: 0.6
vendor:	intelligent platforms proficy hmi 2fscada cimplicity	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	4.01	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	7.5	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	8.0	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	8.1	Trust: 0.2
vendor:	intelligent platforms proficy hmi scada cimplicity	model:	-	scope:	eq	version:	8.2	Trust: 0.2
vendor:	intelligent platforms proficy process with cimplicity	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // JVNDB: JVNDB-2014-001258 // CNNVD: CNNVD-201401-524 // NVD: CVE-2014-0751

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0751
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0751
value:	HIGH
Trust: 0.8
ZDI:	CVE-2014-0751
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2014-00675
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201401-524
value:	HIGH
Trust: 0.6
IVD:	4369d8b8-2352-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2014-0751
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2014-0751
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2014-00675
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	4369d8b8-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // JVNDB: JVNDB-2014-001258 // CNNVD: CNNVD-201401-524 // NVD: CVE-2014-0751

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2014-001258 // NVD: CVE-2014-0751

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-524

TYPE

Path traversal

Trust: 0.8

sources: IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201401-524

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001258

PATCH

title:	KB15940	url:	http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940	Trust: 0.8
title:	GE has issued an update to correct this vulnerability.	url:	http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01	Trust: 0.7
title:	Multiple General Electric product shell upload vulnerability patches	url:	https://www.cnvd.org.cn/patchInfo/show/43199	Trust: 0.6

sources: ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // JVNDB: JVNDB-2014-001258

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0751	Trust: 4.2
db:	ICS CERT	id:	ICSA-14-023-01	Trust: 3.0
db:	BID	id:	65117	Trust: 1.9
db:	CNVD	id:	CNVD-2014-00675	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-524	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-001258	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1623	Trust: 0.7
db:	ZDI	id:	ZDI-14-016	Trust: 0.7
db:	IVD	id:	4369D8B8-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 4369d8b8-2352-11e6-abef-000c29c66e3d // ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // BID: 65117 // JVNDB: JVNDB-2014-001258 // CNNVD: CNNVD-201401-524 // NVD: CVE-2014-0751

REFERENCES

url:	http://ics-cert.us-cert.gov/advisories/icsa-14-023-01	Trust: 3.7
url:	http://support.ge-ip.com/support/index?page=kbchannel&id=kb15940	Trust: 1.6
url:	http://www.securityfocus.com/bid/65117	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0751	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0751	Trust: 0.8

sources: ZDI: ZDI-14-016 // CNVD: CNVD-2014-00675 // JVNDB: JVNDB-2014-001258 // CNNVD: CNNVD-201401-524 // NVD: CVE-2014-0751

CREDITS

ZombiE and amisto0x07

Trust: 0.7

sources: ZDI: ZDI-14-016

SOURCES

db:	IVD	id:	4369d8b8-2352-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-14-016
db:	CNVD	id:	CNVD-2014-00675
db:	BID	id:	65117
db:	JVNDB	id:	JVNDB-2014-001258
db:	CNNVD	id:	CNNVD-201401-524
db:	NVD	id:	CVE-2014-0751

LAST UPDATE DATE

2024-11-23T22:46:08.386000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-14-016	date:	2014-02-13T00:00:00
db:	CNVD	id:	CNVD-2014-00675	date:	2014-01-28T00:00:00
db:	BID	id:	65117	date:	2014-02-17T03:56:00
db:	JVNDB	id:	JVNDB-2014-001258	date:	2014-01-28T00:00:00
db:	CNNVD	id:	CNNVD-201401-524	date:	2014-01-28T00:00:00
db:	NVD	id:	CVE-2014-0751	date:	2024-11-21T02:02:44.600

SOURCES RELEASE DATE

db:	IVD	id:	4369d8b8-2352-11e6-abef-000c29c66e3d	date:	2014-01-28T00:00:00
db:	ZDI	id:	ZDI-14-016	date:	2014-02-13T00:00:00
db:	CNVD	id:	CNVD-2014-00675	date:	2014-01-28T00:00:00
db:	BID	id:	65117	date:	2014-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-001258	date:	2014-01-28T00:00:00
db:	CNNVD	id:	CNNVD-201401-524	date:	2014-01-28T00:00:00
db:	NVD	id:	CVE-2014-0751	date:	2014-01-25T22:55:04.583