The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.
The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.
GE has produced an update that mitigates one vulnerability and made
configuration changes to mitigate the other. Please reference the
following GE Product Security Advisories for specific information on the
vulnerabilities.
GEIP13-05
To address this vulnerability, all copies of the gefebt.exe files
that are accessible from a Web client must be deleted or moved, so they
are inaccessible. If the production Web configuration currently relies
on gefebt.exe, changes to the server’s Web pages may also be desirable.
The GE Product Security Advisory, which provides additional guidance, is available here: http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
GEIP13-06
Download Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24 at: http://support.ge-ip.com/support/index?page=dwchannel&id=DN4128
The GE Product Security Advisory is available here: http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
Configurations
Workarounds
Exploits
Credits
finder
amisto0x07 and Z0mb1E of Zero Day Initiative (ZDI)
The CIMPLICITY Web-based access component, CimWebServer, does not check
the location of shell files being loaded into the system. By modifying
the source location, an attacker could send shell code to the
CimWebServer which would deploy the nefarious files as part of any SCADA
project. This could allow the attacker to execute arbitrary code.