{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Proficy HMI/SCADA\u2013CIMPLICITY", "vendor": "GE", "versions": [{"lessThanOrEqual": "8.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Said Arfi"}], "datePublic": "2015-01-13T07:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.</p>"}], "value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."}], "metrics": [{"cvssV2_0": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-03T17:01:02.978Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:</p><p>Proficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel&amp;id=DN4219\">http://support.ge-ip.com/support/index?page=dwchannel&amp;id=DN4219</a></p><p>Proficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"http://support.ge-ip.com/support/index?page=dwchannel&amp;id=DN4197\">http://support.ge-ip.com/support/index?page=dwchannel&amp;id=DN4197</a></p>\n\n<br>"}], "value": "GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA\u2013CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\n\nProficy HMI/SCADA \u2013 CIMPLICITY 8.1 SIM 29 (DN4219) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel&id=DN4219 \n\nProficy HMI/SCADA\u2013CIMPLICITY 8.2 SIM 26 (DN4197) available at:\u00a0 http://support.ge-ip.com/support/index?page=dwchannel&id=DN4197"}], "source": {"advisory": "ICSA-14-289-02", "discovery": "EXTERNAL"}, "title": "GE Proficy HMI/SCADA CIMPLICITY CimView", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:</p>\n<ul>\n<li>Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).</li>\n<li>Avoid using .CIM files received from unknown sources.</li>\n<li>Avoid sending unprotected .CIM files over unencrypted networks or public Internet.</li>\n<li>Consider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime.</li>\n</ul>\n\n<br>"}], "value": "In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\n\n\n\n * Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\n\n * Avoid using .CIM files received from unknown sources.\n\n * Avoid sending unprotected .CIM files over unencrypted networks or public Internet.\n\n * Consider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.389Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2355", "datePublished": "2015-01-17T02:00:00", "dateReserved": "2014-03-13T00:00:00", "dateUpdated": "2025-10-03T17:01:02.978Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:*:*:*:*:*:*:*:*", "matchCriteriaId": "05C547A7-08D0-475E-BD24-57CC3DF2F89E", "versionEndIncluding": "8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file."}, {"lang": "es", "value": "Los componentes (1) CimView y (2) CimEdit en GE Proficy HMI/SCADA-CIMPLICITY 8.2 y anteriores permiten a atacantes remotos ganar privilegios a trav\u00e9s de un fichero de pantalla CIMPLICITY manipulado (tambi\u00e9n conocido como .CIM)."}], "id": "CVE-2014-2355", "lastModified": "2025-10-03T17:15:45.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.7, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "ics-cert@hq.dhs.gov", "type": "Secondary", "userInteractionRequired": true}, {"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-01-17T02:59:00.067", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}