CVE-2014-0750

{"id": "CVE-2014-0750", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-25T22:55:04.550", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/65124", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65124", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622."}, {"lang": "es", "value": "Vulnerabilidad de recorrido de directorios en gefebt.exe en los componentes WebView CimWeb de GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY hasta 8.2 SIM 24, y Proficy Process Systems with CIMPLICITY, permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambien conocido como ZDI-CAN-1622."}], "lastModified": "2024-11-21T02:02:44.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\%2fscada_cimplicity:*:sim24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5EDB9D-01CD-4843-86CD-C834B726ACF1", "versionEndIncluding": "8.2"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9711EA-2C95-41FA-8827-01FCB0ED4B06"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}