CVE-2014-0751

The CIMPLICITY Web-based access component, CimWebServer, does not check 
the location of shell files being loaded into the system. By modifying 
the source location, an attacker could send shell code to the 
CimWebServer which would deploy the nefarious files as part of any SCADA
 project. This could allow the attacker to execute arbitrary code.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
geintelligent_platforms_proficy_hmi\%2fscada_cimplicity
𝑥
≤ 8.2
geintelligent_platforms_proficy_hmi\/scada_cimplicity
4.01
geintelligent_platforms_proficy_hmi\/scada_cimplicity
7.5
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.0
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.1
geintelligent_platforms_proficy_hmi\/scada_cimplicity
8.2
geintelligent_platforms_proficy_process_systems_with_cimplicity
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
http://www.securityfocus.com/bid/65124
https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
http://www.securityfocus.com/bid/65117