← back
CVE-2014-0750

GE Proficy HMI/SCADA Path Traversal

CVSS 7.5 EPSS 70.2%CWE-22
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products
GE · Proficy HMI/SCADA - CIMPLICITYGE · Proficy Process Systems with CIMPLICITY
public PoCs found1
exploitdbwww.exploit-db.com/exploits/31987unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01http://www.securityfocus.com/bid/65124