CVE-2016-9360

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
HIGH
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
gecimplicity
𝑥
≤ 9.0
gehistorian
𝑥
≤ 6.0
geifix
𝑥
≤ 5.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A
http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A