CVE-2017-12732 - OpenCVE

A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Intelligent Platforms Proficy Hmi\/scada Cimplicity

Configuration 1 [-]

cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101174
https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-10-05T21:00:00

Updated: 2024-08-05T18:43:56.655Z

Reserved: 2017-08-09T00:00:00

Link: CVE-2017-12732

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-05T21:29:00.193

Modified: 2019-10-09T23:23:13.263

Link: CVE-2017-12732

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GE CIMPLICITY", "vendor": "n/a", "versions": [{"status": "affected", "version": "GE CIMPLICITY"}]}], "datePublic": "2017-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-10-06T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "101174", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101174"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-12732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GE CIMPLICITY", "version": {"version_data": [{"version_value": "GE CIMPLICITY"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121"}]}]}, "references": {"reference_data": [{"name": "101174", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101174"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.655Z"}, "title": "CVE Program Container", "references": [{"name": "101174", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101174"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12732", "datePublished": "2017-10-05T21:00:00", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-08-05T18:43:56.655Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:*:*:*:*:*:*:*:*", "matchCriteriaId": "B564FF18-1D4F-4891-86D2-BEF68550B5B0", "versionEndIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution."}, {"lang": "es", "value": "Se ha descubierto un problema de desbordamiento de b\u00fafer basado en pila en GE CIMPLICITY en versiones 1.6.30.144 y anteriores. Un funci\u00f3n lee un paquete para indicar la longitud del siguiente paquete. Dicha longitud no se verifica, permitiendo que se sobrescriba el b\u00fafer provocando una ejecuci\u00f3n remota de c\u00f3digo arbitrario en consecuencia."}], "id": "CVE-2017-12732", "lastModified": "2019-10-09T23:23:13.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-05T21:29:00.193", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101174"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}