What is CVE-2016-9360?

CVE-2016-9360 is a medium-severity vulnerability in Ge Cimplicity, classified under Insufficiently Protected Credentials. CVSS score: 6.7/10. Published 2017-02-13.

How severe is CVE-2016-9360?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Ge Cimplicity

CVE-2016-9360

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker m…

EPSS: 0.002 (36.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L.

Affected products

Ge Cimplicity
Ge Historian
Ge Ifix
N/a Ge Proficy Hmi/scada Ifix, Cimplicity, And Historian — versions GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)
ics-cert@hq.dhs.gov (US Government Resource, Third Party Advisory, x_refsource_MISC, Mitigation)
ics-cert@hq.dhs.gov (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2016-9360?: CVE-2016-9360 is a medium-severity vulnerability in Ge Cimplicity, classified under Insufficiently Protected Credentials. CVSS score: 6.7/10. Published 2017-02-13.
How severe is CVE-2016-9360?: Medium severity. CVSS v3 base score is 6.7 out of 10.