CVE-2014-0751

The CIMPLICITY Web-based access component, CimWebServer, does not check 
the location of shell files being loaded into the system. By modifying 
the source location, an attacker could send shell code to the 
CimWebServer which would deploy the nefarious files as part of any SCADA
 project. This could allow the attacker to execute arbitrary code.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
geintelligent_platforms_proficy_hmi\%2fscada_cimplicity
𝑥
≤ 8.2
geintelligent_platforms_proficy_hmi\/scada_cimplicity
4.01
geintelligent_platforms_proficy_hmi\/scada_cimplicity
7.5
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.0
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.1
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.2
geintelligent_platforms_proficy_process_systems_with_cimplicity
-
𝑥
= Vulnerable software versions