CVE-2013-2785 - OpenCVE

Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Intelligent Platforms Proficy Hmi\/scada Cimplicity Intelligent Platforms Proficy Process Systems With Cimplicity

Configuration 1 [-]

OR	cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.0:::::::*
	cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.1:::::::*
	cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.2:::::::*
	cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:::::::*

No data.

References

Link	Providers
http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2013-07-31T10:00:00Z

Updated: 2024-09-16T22:24:45.426Z

Reserved: 2013-04-11T00:00:00Z

Link: CVE-2013-2785

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2013-07-31T13:20:28.707

Modified: 2013-07-31T13:20:28.707

Link: CVE-2013-2785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-07-31T10:00:00Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2013-2785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01", "refsource": "MISC", "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01"}, {"name": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602", "refsource": "CONFIRM", "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:33.660Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2013-2785", "datePublished": "2013-07-31T10:00:00Z", "dateReserved": "2013-04-11T00:00:00Z", "dateUpdated": "2024-09-16T22:24:45.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510", "vulnerable": true}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD9711EA-2C95-41FA-8827-01FCB0ED4B06", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de desbordamiento de b\u00fafer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY anterior a 8.0 SIM 27, 8.1 anterior a SIM 25, y 8.2 anterior a SIM 19, y Proficy Process Systems con CIMPLICITY, permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de datos manipulados en paquetes TCP hacia el puerto 10212. Aka ZDI-CAN-1621 y ZDI-CAN-1624."}], "id": "CVE-2013-2785", "lastModified": "2013-07-31T13:20:28.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-31T13:20:28.707", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource"], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15602"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}