Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2014-0751
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-25 Jan, 2014 | 22:00
Updated At-22 Aug, 2025 | 22:51
Rejected At-
▼CVE Numbering Authority (CNA)
GE Proficy HMI/SCADA Path Traversal

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

Affected Products
Vendor
GE
Product
Proficy HMI/SCADA - CIMPLICITY
Default Status
unaffected
Versions
Affected
  • From 4.01 before 8.2 (custom)
Vendor
GE
Product
Proficy Process Systems with CIMPLICITY
Default Status
unaffected
Versions
Affected
  • all versions
Problem Types
TypeCWE IDDescription
CWECWE-22CWE-22
Metrics
VersionBase scoreBase severityVector
2.06.8N/A
AV:N/AC:M/Au:N/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

GE has produced an update that mitigates one vulnerability and made configuration changes to mitigate the other. Please reference the following GE Product Security Advisories for specific information on the vulnerabilities. GEIP13-05 To address this vulnerability, all copies of the gefebt.exe files that are accessible from a Web client must be deleted or moved, so they are inaccessible. If the production Web configuration currently relies on gefebt.exe, changes to the server’s Web pages may also be desirable. The GE Product Security Advisory, which provides additional guidance, is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 GEIP13-06 Download Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24 at:  http://support.ge-ip.com/support/index?page=dwchannel&id=DN4128 The GE Product Security Advisory is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940

Configurations
Workarounds
Exploits
Credits
finder
amisto0x07 and Z0mb1E of Zero Day Initiative (ZDI)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
N/A
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
x_refsource_CONFIRM
http://www.securityfocus.com/bid/65124
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
x_refsource_MISC
x_transferred
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/65117
vdb-entry
x_refsource_BID
x_transferred
Details not found