CVE-2016-9360

EUVD-2016-10170
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
gecimplicity
𝑥
≤ 9.0
gehistorian
𝑥
≤ 6.0
geifix
𝑥
≤ 5.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A
http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A