Path Traversal in Ge Intelligent_platforms_proficy_hmi\%2fscada_cimplicity

CVE-2014-0751

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.031 (85.9th percentile) — read the EPSS interpretation.

Affected products

Ge Intelligent_platforms_proficy_hmi\%2fscada_cimplicity
Ge Intelligent_platforms_proficy_hmi\/scada_cimplicity — versions 4.01, 7.5, 8.0
Ge Intelligent_platforms_proficy_process_systems_with_cimplicity
Ge Proficy Hmi/scada - Cimplicity — versions 4.01
Ge Proficy Process Systems With Cimplicity — versions all versions

Weakness classification (CWE)

CWE-22 — Path Traversal

References

ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov (x_refsource_CONFIRM)
65124 (vdb-entry, x_refsource_BID)
af854a3a-2127-422b-91ae-364da2661108
af854a3a-2127-422b-91ae-364da2661108 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108