Find a vulnerability
Search criteria
300 vulnerabilities by GE
VAR-201501-0439
Vulnerability from variot - Updated: 2025-11-19 23:16GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. The General Electric Company is the world's largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have security vulnerabilities that allow an attacker to exploit this vulnerability to obtain sensitive information, perform unauthorized operations, or initiate a denial of service attack. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "electric ge multilink ml800",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1200",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1600",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml2400 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric ge multilink ml810",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3000",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3100 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "5.2.0"
},
{
"model": "electric multilink ml810",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml800",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml3100",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml3000",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml2400",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1600",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1200",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml810",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml800",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml3100",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml3000",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml2400",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1600",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1200",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800/ml1200//ml1600/ml2400",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml810/ml3000//ml3100",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=5.2.0"
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett of IOActive",
"sources": [
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5419",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00451",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a90487d2-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5419",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5419",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5419",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00451",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-348",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73360",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers\u0027 installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. The General Electric Company is the world\u0027s largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have security vulnerabilities that allow an attacker to exploit this vulnerability to obtain sensitive information, perform unauthorized operations, or initiate a denial of service attack. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73360"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5419",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04",
"trust": 3.4
},
{
"db": "BID",
"id": "72069",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00451",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735",
"trust": 0.8
},
{
"db": "IVD",
"id": "A90487D2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73360",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"id": "VAR-201501-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
}
],
"trust": 1.5322115600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
}
]
},
"last_update_date": "2025-11-19T23:16:34.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RSA Private Key \u0026 DoS Vulnerabilty",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
},
{
"title": "Patches with built-in key security bypass vulnerabilities for multiple General Electric (GE) products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54111"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-321",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04"
},
{
"trust": 1.7,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72069"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5419"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"date": "2015-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-73360"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72069"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"date": "2015-01-17T02:59:02.600000",
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-73360"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72069"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"date": "2025-11-05T00:15:34.213000",
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE MultiLink ML Series Switch Firmware Vulnerability to Retrieve Plain Text Content of Network Traffic",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.6
}
}
VAR-201501-0438
Vulnerability from variot - Updated: 2025-11-19 23:16GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. The General Electric Company is the world's largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have a denial of service vulnerability that allows an attacker to exploit a vulnerability to submit a special message to consume switch resources and restart the device. An attacker can exploit this issue to exhaust the switch resources and cause the device to reboot; causing denial-of-service condition. There are security vulnerabilities in several GE switches
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "electric ge multilink ml800",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1200",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1600",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml2400 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric ge multilink ml810",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3000",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3100 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "5.2.0"
},
{
"model": "electric multilink ml810",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml800",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml3100",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml3000",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml2400",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1600",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1200",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml810",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml800",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml3100",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml3000",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml2400",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1600",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1200",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810/ml3000//ml3100",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml800/ml1200/ml1600/ml2400",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=4.2.1"
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett of IOActive",
"sources": [
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5418",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5418",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73359",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5418",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5418",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-5418",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-349",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-73359",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. The General Electric Company is the world\u0027s largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have a denial of service vulnerability that allows an attacker to exploit a vulnerability to submit a special message to consume switch resources and restart the device. \nAn attacker can exploit this issue to exhaust the switch resources and cause the device to reboot; causing denial-of-service condition. There are security vulnerabilities in several GE switches",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5418"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73359"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5418",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04",
"trust": 3.4
},
{
"db": "BID",
"id": "72066",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00450",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734",
"trust": 0.8
},
{
"db": "IVD",
"id": "A9025E9E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73359",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"id": "VAR-201501-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
}
],
"trust": 1.5322115600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
}
]
},
"last_update_date": "2025-11-19T23:16:34.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RSA Private Key \u0026 DoS Vulnerabilty",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
},
{
"title": "Patches for denial of service vulnerabilities in multiple General Electric (GE) products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54201"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04"
},
{
"trust": 1.7,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5418"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5418"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72066/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72066"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"date": "2015-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-73359"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72066"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"date": "2015-01-17T02:59:01.223000",
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-73359"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72066"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"date": "2025-11-05T00:15:34.043000",
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE MultiLink ML Service disruption in series switch firmware (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.8
}
}
VAR-201503-0371
Vulnerability from variot - Updated: 2025-11-18 15:34The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hydran m2",
"scope": null,
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "hydran m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "hydran m2",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric hydran m2",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hydran m2",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:hydran_m2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech.",
"sources": [
{
"db": "BID",
"id": "73026"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5409",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01827",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5409",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01827",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-323",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5409",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-041-02",
"trust": 3.3
},
{
"db": "BID",
"id": "73026",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-01827",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977",
"trust": 0.8
},
{
"db": "IVD",
"id": "9CA20A14-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"id": "VAR-201503-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
}
]
},
"last_update_date": "2025-11-18T15:34:02.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hydran M2",
"trust": 0.8,
"url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
},
{
"title": "GE Hydran M2 can guess patches for TCP initialization sequence vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56375"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-343",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-041-02"
},
{
"trust": 1.6,
"url": "http://libraries.ge.com/download?fileid=642886573101\u0026entity_id=31955841101\u0026sid=101"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-041-02.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5409"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5409"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73026"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"date": "2015-03-14T01:59:00.067000",
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73026"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"date": "2025-11-03T19:15:39.013000",
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy Hydran M2 for 17046 Ethernet Vulnerability in a packet being spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "73026"
}
],
"trust": 0.3
}
}
VAR-201708-0289
Vulnerability from variot - Updated: 2025-11-18 15:22Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
]
},
"cve": "CVE-2015-3976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-3976",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3976",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07693",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-81937",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-3976",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2015-3976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-07693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-286",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81937",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3976"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2015-3976",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07693",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81937",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"id": "VAR-201708-0289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
}
],
"trust": 1.31538464
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
}
]
},
"last_update_date": "2025-11-18T15:22:25.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GET-20024",
"trust": 0.8,
"url": "http://www.gegridsolutions.com/products/support/multilink/MLSB0415.pdf"
},
{
"title": "Patches for multiple GE switch cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04a"
},
{
"trust": 1.2,
"url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
},
{
"trust": 1.0,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3976"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3976"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"date": "2017-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-81937"
},
{
"date": "2015-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"date": "2017-08-28T15:29:01.453000",
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"date": "2017-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81937"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"date": "2025-11-05T00:15:34.387000",
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Multilink ML Cross-site scripting vulnerability in switches",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
}
],
"trust": 0.6
}
}
VAR-201501-0149
Vulnerability from variot - Updated: 2025-10-04 23:32The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. GE Intelligent Platforms Proficy HMI/SCADA\342\200\223iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy HMI/SCADA-CIMPLICITY has multiple local buffer overflow vulnerabilities that allow a local attacker to exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts may result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Said Arfi",
"sources": [
{
"db": "BID",
"id": "72096"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-2355",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "CVE-2014-2355",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-00443",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a8fff370-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2355",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. GE Intelligent Platforms Proficy HMI/SCADA\\342\\200\\223iFIX is the world\u0027s leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy HMI/SCADA-CIMPLICITY has multiple local buffer overflow vulnerabilities that allow a local attacker to exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts may result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2355"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2355",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-289-02",
"trust": 2.4
},
{
"db": "BID",
"id": "72096",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733",
"trust": 0.8
},
{
"db": "IVD",
"id": "A8FFF370-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"id": "VAR-201501-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
}
],
"trust": 1.5051282000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
}
]
},
"last_update_date": "2025-10-04T23:32:31.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Proficy HMI/SCADA CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.com/jp/products/proficy-hmi-scada-cimplicity/"
},
{
"title": "GE Proficy HMI/SCADA-CIMPLICITY has multiple patches for local buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-289-02"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2355"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2355"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"date": "2014-10-16T00:00:00",
"db": "BID",
"id": "72096"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"date": "2015-01-17T02:59:00.067000",
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"date": "2015-01-21T00:01:00",
"db": "BID",
"id": "72096"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"date": "2025-10-03T17:15:45.633000",
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy HMI/SCADA-CIMPLICITY Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
}
],
"trust": 0.8
}
}
VAR-201401-0365
Vulnerability from variot - Updated: 2025-08-24 23:08The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of CimWebServer.exe ( alias WebView component ) Contains a directory traversal vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1623 Was numbered.By a third party TCP port 10212 Arbitrary code could be executed via a crafted message to. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. The following products are affected: Proficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2 Proficy Process Systems with CIMPLICITY
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"_id": null,
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.1"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 to 8.2"
},
{
"_id": null,
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "proficy cimplicity",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"_id": null,
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.01-8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi 2fscada cimplicity",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy process with cimplicity",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
]
},
"credits": {
"_id": null,
"data": "ZombiE and amisto0x07",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0751",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0751",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0751",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.7,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00675",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0751",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0751",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0751",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-0751",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00675",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"description": {
"_id": null,
"data": "The CIMPLICITY Web-based access component, CimWebServer, does not check \nthe location of shell files being loaded into the system. By modifying \nthe source location, an attacker could send shell code to the \nCimWebServer which would deploy the nefarious files as part of any SCADA\n project. This could allow the attacker to execute arbitrary code. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of CimWebServer.exe ( alias WebView component ) Contains a directory traversal vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1623 Was numbered.By a third party TCP port 10212 Arbitrary code could be executed via a crafted message to. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software. \nThe following products are affected:\nProficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2\nProficy Process Systems with CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0751"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "BID",
"id": "65117"
},
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0751",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-023-01",
"trust": 3.0
},
{
"db": "BID",
"id": "65117",
"trust": 1.9
},
{
"db": "BID",
"id": "65124",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2014-00675",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1623",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-016",
"trust": 0.7
},
{
"db": "IVD",
"id": "4369D8B8-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "BID",
"id": "65117"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"id": "VAR-201401-0365",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
}
],
"trust": 1.5099878000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
}
]
},
"last_update_date": "2025-08-24T23:08:30.083000Z",
"patch": {
"_id": null,
"data": [
{
"title": "KB15940",
"trust": 0.8,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15940"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"title": "Multiple General Electric product shell upload vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43199"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-023-01"
},
{
"trust": 1.6,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15940"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65124"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65117"
},
{
"trust": 1.0,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15939"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0751"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0751"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"db": "BID",
"id": "65117",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65117",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"date": "2014-01-25T22:55:04.583000",
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"date": "2014-02-17T03:56:00",
"db": "BID",
"id": "65117",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"date": "2025-08-22T23:15:30.233000",
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
}
],
"trust": 0.8
}
}
VAR-201401-0364
Vulnerability from variot - Updated: 2025-08-23 23:23Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1622 Was numbered.Skillfully crafted by a third party HTTP Arbitrary code may be executed via a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component performs insufficient parameter validation on an HTTP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry's leading HMI/SCADA software. GE Proficy CIMPLICITY CimWebServer The gefebt.exe component fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it in a server-side script to execute arbitrary code. The following products are affected: Proficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2 Proficy Process Systems with CIMPLICITY
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"_id": null,
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.1"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 to 8.2"
},
{
"_id": null,
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "proficy cimplicity",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"_id": null,
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.01-8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi 2fscada cimplicity",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy process with cimplicity",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
]
},
"credits": {
"_id": null,
"data": "ZombiE and amisto0x07",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0750",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0750",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 3.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0750",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0750",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0750",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-0750",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00669",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-523",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1622 Was numbered.Skillfully crafted by a third party HTTP Arbitrary code may be executed via a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component performs insufficient parameter validation on an HTTP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software. GE Proficy CIMPLICITY CimWebServer The gefebt.exe component fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it in a server-side script to execute arbitrary code. \nThe following products are affected:\nProficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2\nProficy Process Systems with CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "BID",
"id": "65124"
},
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0750",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-023-01",
"trust": 3.0
},
{
"db": "BID",
"id": "65124",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00669",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1622",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-015",
"trust": 0.7
},
{
"db": "IVD",
"id": "4371F0A2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "BID",
"id": "65124"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"id": "VAR-201401-0364",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
}
],
"trust": 1.5099878000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
}
]
},
"last_update_date": "2025-08-23T23:23:32.051000Z",
"patch": {
"_id": null,
"data": [
{
"title": "KB15939",
"trust": 0.8,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15939"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"title": "Patches for multiple Generel Electric products \u0027gefebt.exe\u0027 shell upload vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43195"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-023-01"
},
{
"trust": 1.6,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15939"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65124"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0750"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0750"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"db": "BID",
"id": "65124",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65124",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"date": "2014-01-25T22:55:04.550000",
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "65124",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"date": "2025-08-22T23:15:29.763000",
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
}
],
"trust": 0.8
}
}
VAR-201706-0659
Vulnerability from variot - Updated: 2025-04-20 23:42A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. plural General Electric (GE) The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE MultilinSR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0659",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilin urplus b95",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin sr 369 motor protection relay",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin urplus d90",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin urplus c90",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin sr 760 feeder protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 745 transformer protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2.85"
},
{
"model": "multilin sr 750 feeder protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 489 generator protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "1.53"
},
{
"model": "multilin universal relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "6.0"
},
{
"model": "multilin sr 469 motor protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2.90"
},
{
"model": "sr 369 motor protection relay",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "sr 469 motor protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.23"
},
{
"model": "sr 489 generator protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "4.06"
},
{
"model": "sr 745 transformer protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.23"
},
{
"model": "sr 750 feeder protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "7.47"
},
{
"model": "sr 760 feeder protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "7.47"
},
{
"model": "universal relay",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "urplus b95",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "urplus c90",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "urplus d90",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "750\u003c7.47"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "760\u003c7.47"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "469\u003c5.23"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "489\u003c4.06"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "745\u003c5.23"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "750"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "760"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "745"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "489"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "469"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "369"
},
{
"model": "multilin sr 489 generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "1.53"
},
{
"model": "multilin sr 750 feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 745 transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "2.85"
},
{
"model": "multilin sr 469 motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "2.90"
},
{
"model": "multilin universal relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "6.0"
},
{
"model": "multilin sr 760 feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 750 feeder protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus b95",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 760 feeder protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 469 motor protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 489 generator protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 745 transformer protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 369 motor protection relay",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin universal relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus d90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus c90",
"version": null
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7600"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7500"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7450"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4890"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4690"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3690"
},
{
"model": "feeder protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7607.47"
},
{
"model": "feeder protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7507.47"
},
{
"model": "transformer protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7455.23"
},
{
"model": "generator protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "4894.06"
},
{
"model": "motor protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "4695.23"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_369_motor_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_469_motor_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_489_generator_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_745_transformer_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_750_feeder_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_760_feeder_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_universal_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_b95_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_c90_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_d90_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Charalambos Konstantinou,Anastasis Keliris, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
},
"cve": "CVE-2017-7905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7905",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-05694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-07261",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "d9b1473e-6988-4096-86db-42efea36309a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7905",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7905",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7905",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-05694",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07261",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-173",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116108",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. plural General Electric (GE) The product contains cryptographic vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE MultilinSR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7905"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "VULHUB",
"id": "VHN-116108"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7905",
"trust": 4.4
},
{
"db": "BID",
"id": "98063",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01A",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-05694",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07261",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682",
"trust": 0.8
},
{
"db": "IVD",
"id": "5DD457B7-DA91-43E9-BBCF-14025AD4CF1C",
"trust": 0.2
},
{
"db": "IVD",
"id": "D9B1473E-6988-4096-86DB-42EFEA36309A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116108",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"id": "VAR-201706-0659",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
}
],
"trust": 2.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
}
]
},
"last_update_date": "2025-04-20T23:42:12.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gegridsolutions.com/index.htm"
},
{
"title": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92971"
},
{
"title": "Patches for multiple GE product weak password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94150"
},
{
"title": "Multiple GE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69825"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/98063"
},
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01a"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7905"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01b"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7905"
},
{
"trust": 0.3,
"url": "https://www.gegridsolutions.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"date": "2017-05-23T00:00:00",
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-116108"
},
{
"date": "2017-04-27T00:00:00",
"db": "BID",
"id": "98063"
},
{
"date": "2017-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"date": "2017-06-30T03:29:00.890000",
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116108"
},
{
"date": "2017-05-02T00:11:00",
"db": "BID",
"id": "98063"
},
{
"date": "2017-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
}
}
VAR-201702-0859
Vulnerability from variot - Updated: 2025-04-20 23:33An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ifix",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.8"
},
{
"model": "historian",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "6.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "historian",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.8 sim 13"
},
{
"model": "electric proficy historian",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=6.0"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "electric proficy hmi/scada ifix sim",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=5.813"
},
{
"model": "historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.8"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.813"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.1"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.0"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "8.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3.5"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "5.814"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": "proficy historian",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "historian",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:historian",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:ifix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95630"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-9360",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-00906",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-9360",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9360",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9360",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9360",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local vulnerabilities can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9360",
"trust": 3.5
},
{
"db": "BID",
"id": "95630",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1037809",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05A",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952",
"trust": 0.8
},
{
"db": "IVD",
"id": "8E677A52-D1D3-4559-96BD-040386314B48",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"id": "VAR-201702-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
],
"trust": 1.4471789899999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
]
},
"last_update_date": "2025-04-20T23:33:01.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/CC_Home"
},
{
"title": "Patches for multiple GE product local information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88599"
},
{
"title": "Multiple GE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95630"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05a"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037809"
},
{
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9360"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9360"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-17T00:00:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2017-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"date": "2017-02-13T21:59:02.050000",
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-23T03:11:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95630"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural General Electric Proficy Vulnerability to obtain user password in product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.6
}
}
VAR-201710-1117
Vulnerability from variot - Updated: 2025-04-20 23:15A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "electric cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Atch of CyberX",
"sources": [
{
"db": "BID",
"id": "101174"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2017-12732",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-29156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-12732",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12732",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12732",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01",
"trust": 2.5
},
{
"db": "BID",
"id": "101174",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E1531B5-5828-444B-A091-2B4AC221507D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"id": "VAR-201710-1117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
],
"trust": 1.5777778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
]
},
"last_update_date": "2025-04-20T23:15:52.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIMPLICITY",
"trust": 0.8,
"url": "https://www.ge.com/digital/products/cimplicity"
},
{
"title": "Patch for GE CIMPLICITY Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/103267"
},
{
"title": "GE CIMPLICITY Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101174"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12732"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12732"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2017-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"date": "2017-10-05T21:29:00.193000",
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPLICITY Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.8
}
}
VAR-201508-0152
Vulnerability from variot - Updated: 2025-04-13 23:39The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.2"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.2"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_dms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76166"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7405",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05138",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7405",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7405",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a password of Never!Mind for the Administrator user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Centricity DMS is a cardiology clinical education data management system for the medical industry from General Electric (GE). An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7405"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7405",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05138",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033",
"trust": 0.6
},
{
"db": "BID",
"id": "76166",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-7405",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"id": "VAR-201508-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
}
]
},
"last_update_date": "2025-04-13T23:39:37.837000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity* Cardiology Data Management System DMS Admin. - v. 4.2 Master Trainer Guide",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/0908141_DMS%204.2%20MTG.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=0908141\u0026FILENAME=0908141_DMS+4.2+MTG.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026direction=0908141\u0026filename=0908141_dms%2b4.2%2bmtg.pdf\u0026filerev=d\u0026docrev_org=d"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7405"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms+4.2+mtg.pdf?req=raa\u0026amp;direction=0908141\u0026amp;filename=0908141_dms%2b4.2%2bmtg.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76166"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"db": "BID",
"id": "76166"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"date": "2015-08-04T14:59:22.643000",
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7405"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76166"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004008"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-033"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS Ad Hoc Reporting Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05138"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-033"
}
],
"trust": 0.6
}
}
VAR-201611-0263
Vulnerability from variot - Updated: 2025-04-13 23:39General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA remote attacker could gain privileged access. GE Bently Nevada 3500 / 22M is a vibration monitoring system.
GE Bently Nevada 3500 / 22M has a security bypass vulnerability. Allows an attacker to perform unauthorized operations. This may lead to other attacks. The following products are vulnerable: GE Bently Nevada 3500/22M (USB version) prior to firmware Version 5.0 are vulnerable. USB and Serial are 2 versions of it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric bently nevada 3500/22m",
"scope": "eq",
"trust": 1.8,
"vendor": "general",
"version": "0"
},
{
"model": "bently nevada 3500/22m",
"scope": null,
"trust": 1.6,
"vendor": "general electric",
"version": null
},
{
"model": "bently nevada 3500\\/22m serial",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "bently nevada 3500\\/22m usb",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "bently nevada 3500/22m",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.0"
},
{
"model": "bently nevada 3500/22m",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric bently nevada 3500/22m",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:bently_nevada_3500%2F22m_usb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:bently_nevada_3500%2F22m_usb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:bently_nevada_3500%2F22m_serial",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:bently_nevada_3500%2F22m_serial_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "93452"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5788",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-08614",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94607",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5788",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5788",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5788",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-08614",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-027",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94607",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5788",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA remote attacker could gain privileged access. GE Bently Nevada 3500 / 22M is a vibration monitoring system. \n\nGE Bently Nevada 3500 / 22M has a security bypass vulnerability. Allows an attacker to perform unauthorized operations. This may lead to other attacks. \nThe following products are vulnerable:\nGE Bently Nevada 3500/22M (USB version) prior to firmware Version 5.0 are vulnerable. USB and Serial are 2 versions of it",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5788"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5788",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-252-01",
"trust": 2.9
},
{
"db": "BID",
"id": "93452",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-08614",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-94607",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5788",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"id": "VAR-201611-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94607"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:39:30.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bently Nevada \u88fd\u54c1\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://site.ge-energy.com/prod_serv/products/oc/ja/tech_prodsupport.htm"
},
{
"title": "Patch for GE Bently Nevada 3500 / 22M Security Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82166"
},
{
"title": "GE Bently Nevada 3500/22M Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64467"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-285",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-252-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/93452"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5788"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5788"
},
{
"trust": 0.3,
"url": "https://www.gemeasurement.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/285.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"date": "2016-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-94607"
},
{
"date": "2016-11-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"date": "2016-10-06T00:00:00",
"db": "BID",
"id": "93452"
},
{
"date": "2016-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"date": "2016-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"date": "2016-11-25T03:59:08.720000",
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94607"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"date": "2016-10-10T00:13:00",
"db": "BID",
"id": "93452"
},
{
"date": "2016-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"date": "2016-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric Bently Nevada 3500/22M of USB Vulnerability gained in privileged access in the serial port version",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
],
"trust": 0.6
}
}
VAR-201502-0245
Vulnerability from variot - Updated: 2025-04-13 23:27Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek 'HART DTM' Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vector device type manager",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "bullet device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "mactek",
"version": "1.00.0"
},
{
"model": "12400 level transmitter device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "2.00.1"
},
{
"model": "12400 level transmitter dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "2.00.1"
},
{
"model": "svi1000 positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "vector dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "bullet wirelesshart device type manager",
"scope": "eq",
"trust": 0.8,
"vendor": "mactek",
"version": "(dtm) 1.00.0"
},
{
"model": "electric mactek bullet dtm",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "12400 level transmitter device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "svi ii ap positioner device type manager",
"version": "2.00.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vector device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bullet device type manager",
"version": "1.00.0"
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:12400_level_transmitter_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:svi_ii_ap_positioner_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:svi1000_positione_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:vector_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mactek:bullet_device_type_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Bolshev",
"sources": [
{
"db": "BID",
"id": "72524"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9203",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00995",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9203",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-9203",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. \nAn attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9203",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01",
"trust": 2.7
},
{
"db": "BID",
"id": "72524",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "A3A0AD20-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"id": "VAR-201502-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
]
},
"last_update_date": "2025-04-13T23:27:33.904000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEOG 15-01_Security_Advisory_HART DTM",
"trust": 0.8,
"url": "http://d3qm6x350yyq59.cloudfront.net/sites/geog.dev.local/files/geog_15-01_security_advisory_hart_dtm.pdf"
},
{
"title": "Download Center",
"trust": 0.8,
"url": "http://www.ge-mcs.com/en/download.html"
},
{
"title": "Bullet_DTM_1_00_1.exe",
"trust": 0.8,
"url": "https://mactekcorp.com/downloadFiles/Bullet_DTM_1_00_1.exe"
},
{
"title": "BULLET WirelessHART Adapter",
"trust": 0.8,
"url": "https://mactekcorp.com/product6a.php"
},
{
"title": "General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have patches for denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55174"
},
{
"title": "VECTOR_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53668"
},
{
"title": "SVI_II_AP_DTM_Installer_V2.10.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53671"
},
{
"title": "SVi1000_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53670"
},
{
"title": "12400_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01"
},
{
"trust": 1.6,
"url": "http://www.geoilandgas.com/securityadvisory"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9203"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9203"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72524"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://mactekcorp.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"date": "2015-02-07T15:59:00.050000",
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MACTek Bullet DTM And multiple GE DTM Used in products HART DTM Buffer overflow vulnerability in library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.8
}
}
VAR-201509-0298
Vulnerability from variot - Updated: 2025-04-13 23:25GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability but it can bypassed using static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability Attackers can exploit these issue to bypass the authentication mechanism and gain access or to read and delete arbitrary files in the context of the application. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0298",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mds pulsenet",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "3.1.3"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "3.1.5"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "enterprise 3.1.5"
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "mds pulsenet",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "3.1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:mds_pulsenet",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6456",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-06255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6456",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6456",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6456",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability but it can bypassed using static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability\nAttackers can exploit these issue to bypass the authentication mechanism and gain access or to read and delete arbitrary files in the context of the application. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6456",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-258-03",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-440",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2922",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6
},
{
"db": "BID",
"id": "76756",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"id": "VAR-201509-0298",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
],
"trust": 1.1714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
]
},
"last_update_date": "2025-04-13T23:25:12.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MDS PulseNet Support Documents",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03"
},
{
"title": "Patch for GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64556"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-440/"
},
{
"trust": 1.6,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6456"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6456"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-09-15T00:00:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"date": "2015-09-18T22:59:05.483000",
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-11-03T19:14:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities that gain management access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "76756"
}
],
"trust": 0.3
}
}
VAR-201509-0299
Vulnerability from variot - Updated: 2025-04-13 23:25Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. Authentication is not required to exploit this vulnerability.The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. This may aid in further attacks
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mds pulsenet",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "3.1.3"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "3.1.5"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "enterprise 3.1.5"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "mds pulsenet",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "3.1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:mds_pulsenet",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6459",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6459",
"impactScore": 9.2,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-06254",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6459",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6459",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06254",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-379",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"description": {
"_id": null,
"data": "Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. Authentication is not required to exploit this vulnerability.The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6459"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "BID",
"id": "76756"
}
],
"trust": 3.06
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-6459",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-258-03",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-439",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2906",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379",
"trust": 0.6
},
{
"db": "BID",
"id": "76756",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"id": "VAR-201509-0299",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
}
],
"trust": 1.1714286
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
}
]
},
"last_update_date": "2025-04-13T23:25:12.417000Z",
"patch": {
"_id": null,
"data": [
{
"title": "MDS PulseNet Support Documents",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03"
},
{
"title": "Patch for GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64557"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-439/"
},
{
"trust": 1.6,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6459"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6459"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"db": "BID",
"id": "76756",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"date": "2015-09-15T00:00:00",
"db": "BID",
"id": "76756",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"date": "2015-09-18T22:59:07.013000",
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"date": "2015-11-03T19:14:00",
"db": "BID",
"id": "76756",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 1.2
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 0.6
}
}
VAR-201508-0526
Vulnerability from variot - Updated: 2025-04-13 23:14GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity clinical archive audit trail repository",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "centricity clinical archive audit trail repository",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "electric healthcare centricity clinical archive audit trail repository",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_clinical_archive_audit_trail_repository",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76164"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9736",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9736",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05134",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9736",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-9736",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-037",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9736"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9736",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05134",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037",
"trust": 0.6
},
{
"db": "BID",
"id": "76164",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"id": "VAR-201508-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
}
]
},
"last_update_date": "2025-04-13T23:14:30.581000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Audit Trail Repository Installation and Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/DOC1474072_ATR_InstSvcMan.pdf?REQ=RAA\u0026DIRECTION=DOC1474072\u0026FILENAME=DOC1474072_ATR_InstSvcMan.pdf\u0026FILEREV=--\u0026DOCREV_ORG=--"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=--"
},
{
"trust": 1.2,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026amp;direction=doc1474072\u0026amp;filename=doc1474072_atr_instsvcman.pdf\u0026amp;filerev=--\u0026amp;docrev_org=--"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9736"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9736"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/doc1474072_atr_instsvcman.pdf?req=raa\u0026direction=doc1474072\u0026filename=doc1474072_atr_instsvcman.pdf\u0026filerev=--\u0026docrev_org=-- "
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"db": "BID",
"id": "76164"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76164"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"date": "2015-08-04T14:59:26.720000",
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05134"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76164"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004012"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-037"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9736"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Clinical Archive Audit Trail Repository Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-037"
}
],
"trust": 0.6
}
}
VAR-201508-0151
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0151",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery nm 750b",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery nm 750b",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery nm 750b",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_nm_750b",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76168"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7404",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7404",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05139",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7404",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7404",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05139",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-032",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7404",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The GE Healthcare Discovery NM 750b is a high-end molecular mammography device for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7404",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05139",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032",
"trust": 0.6
},
{
"db": "BID",
"id": "76168",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2013-7404",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"id": "VAR-201508-0151",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
}
]
},
"last_update_date": "2025-04-13T23:04:05.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery NM 750b Nuclear Medicine Imaging Systems Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5411136-1EN_r3.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5411136-1EN\u0026FILENAME=5411136-1EN_r3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.3,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5411136-1en_r3.pdf?req=raa\u0026direction=5411136-1en\u0026filename=5411136-1en_r3.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7404"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7404"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/0908141_dms%204.2%20mtg.pdf?docclass=a\u0026req=rac\u0026direction=0908141\u0026filename=0908141_dms+4.2+mtg.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"db": "BID",
"id": "76168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76168"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"date": "2015-08-04T14:59:21.673000",
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7404"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76168"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004007"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-032"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery NM 750b Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05139"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-032"
}
],
"trust": 0.6
}
}
VAR-201508-0275
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 2.2,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 2.2,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
}
],
"trust": 1.2
},
"cve": "CVE-2013-7442",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-7442",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05137",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-7442",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-7442",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05137",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-034",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2013-7442",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. (1) For admin users CANal1 password (2) IIS For users iis password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7442"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7442",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "BID",
"id": "76169",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05137",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034",
"trust": 0.6
},
{
"db": "BID",
"id": "76178",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2013-7442",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"id": "VAR-201508-0275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
}
]
},
"last_update_date": "2025-04-13T23:04:05.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.4,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.2,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 1.1,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7442"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7442"
},
{
"trust": 0.7,
"url": "https://www.securityfocus.com/bid/76169"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76178"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76169"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"date": "2015-08-04T14:59:23.657000",
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2013-7442"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76178"
},
{
"date": "2019-04-12T17:00:00",
"db": "BID",
"id": "76169"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004009"
},
{
"date": "2019-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-034"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2013-7442"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05137"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-034"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "76178"
},
{
"db": "BID",
"id": "76169"
}
],
"trust": 0.6
}
}
VAR-201508-0020
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using 'ddpadmin' as the password. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76172"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6695",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6695",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6695",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6695",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-031",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. The vulnerability stems from the ddpadmin user using \u0027ddpadmin\u0027 as the password. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6695"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6695",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05140",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031",
"trust": 0.6
},
{
"db": "BID",
"id": "76172",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"id": "VAR-201508-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
}
]
},
"last_update_date": "2025-04-13T23:04:05.845000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.2,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6695"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6695"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"db": "BID",
"id": "76172"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76172"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"date": "2015-08-04T14:59:20.597000",
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05140"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76172"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004006"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-031"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6695"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Vulnerability in workstation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004006"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-031"
}
],
"trust": 0.6
}
}
VAR-201508-0597
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for "Setup and Activation" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "precision thunis-800\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "precision thunis-800+",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "precision thunis-800\\+",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "electric healthcare precision thunis-800+",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:precision_thunis-800%2B",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76170"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7233",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7233",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05135",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7233",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-7233",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 for the factory default System Utilities menu, (2) TH8740 for installation using TH8740_122_Setup.exe, (3) hrml for \"Setup and Activation\" using DSASetup, and (4) an empty string for Shutter Configuration, which has unspecified impact and attack vectors. NOTE: since these passwords appear to be used to access functionality during installation, this issue might not cross privilege boundaries and might not be a vulnerability. GE Healthcare Precision THUNIS-800+ (PT800+) is an integrated digital remote control multi-function X-ray machine (X-ray generating equipment) for the medical industry. There is a security vulnerability in GE Healthcare PT800+. An attacker could exploit this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7233"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7233",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05135",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036",
"trust": 0.6
},
{
"db": "BID",
"id": "76170",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"id": "VAR-201508-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
}
]
},
"last_update_date": "2025-04-13T23:04:05.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GE Healthcare Precision THUNIS-800+ R\u0026F System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5458232-1EN+r4.pdf?REQ=RAA\u0026DIRECTION=5458232-1EN\u0026FILENAME=5458232-1EN%2Br4.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026direction=5458232-1en\u0026filename=5458232-1en%2br4.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7233"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7233"
},
{
"trust": 0.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5458232-1en+r4.pdf?req=raa\u0026amp;direction=5458232-1en\u0026amp;filename=5458232-1en%2br4.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "BID",
"id": "76170"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"date": "2015-08-04T14:59:25.720000",
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"date": "2015-08-05T00:00:00",
"db": "BID",
"id": "76170"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004011"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-036"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7233"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Precision THUNIS-800+ Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05135"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-036"
}
],
"trust": 0.6
}
}
VAR-201508-0019
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of ‘2charGE’ as the password for the geservice account. An attacker could use this vulnerability to control the device. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0.1"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "centricity pacs workstation",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0.1"
},
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "healthcare centricity pacs workstation/server",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "76175"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6694",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05141",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6694",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6694",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05141",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-030",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4.0, has a password of 2charGE for the geservice account, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires it. GE Healthcare Centricity PACS is an image archiving and transmission system (PACS) for the medical industry of General Electric (GE). Workstation is a PACS workstation; Server is a PACS server. The vulnerability stems from the use of \u20182charGE\u2019 as the password for the geservice account. An attacker could use this vulnerability to control the device. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6694"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6694",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05141",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030",
"trust": 0.6
},
{
"db": "BID",
"id": "76175",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"id": "VAR-201508-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
}
]
},
"last_update_date": "2025-04-13T23:04:05.402000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA\u0026DIRECTION=2063534-001\u0026FILENAME=C40_WS_INST_SV_2063534-001r2.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Workstation Installation and Service Manual (PACS 4.0.1 Release)",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.2,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?req=raa\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6694"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6694"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c40_ws_inst_sv_2063534-001r2.pdf?docclass=a\u0026req=rac\u0026direction=2063534-001\u0026filename=c40_ws_inst_sv_2063534-001r2.pdf\u0026filerev=1\u0026docrev_org=1\u0026submit=+ac"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "BID",
"id": "76175"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76175"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"date": "2015-08-04T14:59:19.613000",
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76175"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004005"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-030"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Workstation and Server Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05141"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-030"
}
],
"trust": 0.6
}
}
VAR-201508-0596
Vulnerability from variot - Updated: 2025-04-13 23:04GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0596",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery xr656 g2",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery xr656",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "discovery xr656",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery xr656 g2",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "discovery xr656",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:gehealthcare:discovery_xr656_g2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76167"
}
],
"trust": 0.3
},
"cve": "CVE-2014-7232",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-7232",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05136",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-7232",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-7232",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05136",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-035",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2014-7232",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. (1) insite For users 2getin password (2) xruser For users 4$xray password (3) root For users #superxr password It is unknown whether this password is default, hard-coded, or dependent on other systems or products that require a fixed value.It may be subject to unspecified effects and attacks. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to a security-bypass vulnerability. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-7232"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-7232",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05136",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035",
"trust": 0.6
},
{
"db": "BID",
"id": "76167",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2014-7232",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"id": "VAR-201508-0596",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
}
]
},
"last_update_date": "2025-04-13T23:04:05.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery XR656 Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/IM-5343950-1EN.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5343950-1EN\u0026FILENAME=IM-5343950-1EN.pdf\u0026FILEREV=7\u0026DOCREV_ORG=7\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.3,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/im-5343950-1en.pdf?docclass=a\u0026req=rac\u0026direction=5343950-1en\u0026filename=im-5343950-1en.pdf\u0026filerev=7\u0026docrev_org=7\u0026submit=+accept+"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5643835-1en_r1.pdf?req=raa\u0026direction=5643835-1en\u0026filename=5643835-1en_r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7232"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7232"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"db": "BID",
"id": "76167"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76167"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"date": "2015-08-04T14:59:24.753000",
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2014-7232"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76167"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004010"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-035"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-7232"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery XR656 and XR656 G2 Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05136"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-035"
}
],
"trust": 0.6
}
}
VAR-201602-0020
Vulnerability from variot - Updated: 2025-04-13 23:03General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. The GE SNMP / Web Interface adapter is a Web server used by General Electric Company to display the current information of the uninterruptible power supply. SNMP/Web Interface is prone to a command-injection vulnerability and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device. Versions prior to SNMP/Web Interface 4.8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "snmp\\/web adapter",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.7"
},
{
"model": "ups snmp/web interface adapter 1024746",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "ups snmp/web interface adapter 1024747",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "ups snmp/web interface adapter 1024748",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "ups snmp/web interface adapter 1024921",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "ups snmp/web interface adapter",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "4.8"
},
{
"model": "electric industrial solutions ups snmp/web adapter",
"scope": "lt",
"trust": 0.6,
"vendor": "general",
"version": "4.8"
},
{
"model": "snmp web adapter",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.7"
},
{
"model": "snmp\\/web adapter",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:snmp%2Fweb_plug-in_adapter_1024746",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:snmp%2Fweb_plug-in_adapter_1024747",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:snmp%2Fweb_plug-in_adapter_1024748",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:snmp%2Fweb_plug-in_adapter_1024921",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:ups_snmp_web_adapter_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "82407"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-0862",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00993",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-88372",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0862",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0862",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-0862",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00993",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-128",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-88372",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "VULHUB",
"id": "VHN-88372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. The GE SNMP / Web Interface adapter is a Web server used by General Electric Company to display the current information of the uninterruptible power supply. SNMP/Web Interface is prone to a command-injection vulnerability and an information-disclosure vulnerability. \nExploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device. \nVersions prior to SNMP/Web Interface 4.8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0862"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "VULHUB",
"id": "VHN-88372"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88372",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88372"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0862",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-033-02",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "39408",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "135586",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00993",
"trust": 0.6
},
{
"db": "BID",
"id": "82407",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-88372",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "VULHUB",
"id": "VHN-88372"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"id": "VAR-201602-0020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "VULHUB",
"id": "VHN-88372"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
}
]
},
"last_update_date": "2025-04-13T23:03:16.787000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEIS16-01",
"trust": 0.8,
"url": "http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF\u0026filename=GEIS_SNMP.pdf"
},
{
"title": "Patch for GE SNMP / Web Interface adapter Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71373"
},
{
"title": "General Electric SNMP/Web Interface adapter Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-033-02"
},
{
"trust": 1.6,
"url": "http://apps.geindustrial.com/publibrary/checkout/application%20and%20technical%7cgeis_snmp%7cpdf\u0026filename=geis_snmp.pdf"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39408/"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2016/feb/21"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135586/ge-industrial-solutions-ups-snmp-adapter-command-injection.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0862"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0862"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "http://www.gegridsolutions.com/products/manuals/powerquality/snmp_box_new.pdf"
},
{
"trust": 0.1,
"url": "http://apps.geindustrial.com/publibrary/checkout/application%20and%20technical%7cgeis_snmp%7cpdf\u0026amp;filename=geis_snmp.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "VULHUB",
"id": "VHN-88372"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"db": "VULHUB",
"id": "VHN-88372"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"date": "2016-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-88372"
},
{
"date": "2016-02-02T00:00:00",
"db": "BID",
"id": "82407"
},
{
"date": "2016-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"date": "2016-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"date": "2016-02-05T11:59:01.173000",
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00993"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-88372"
},
{
"date": "2016-07-05T21:21:00",
"db": "BID",
"id": "82407"
},
{
"date": "2016-03-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001557"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-128"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Industrial Solutions UPS SNMP/Web Vulnerability to retrieve important plain text account information in adapter device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001557"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-128"
}
],
"trust": 0.6
}
}
VAR-201602-0019
Vulnerability from variot - Updated: 2025-04-13 23:03General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlAn arbitrary command may be executed by a remotely authenticated user. The GE SNMP / Web Interface adapter is a Web server used by General Electric Company to display the current information of the uninterruptible power supply. SNMP/Web Interface is prone to a command-injection vulnerability and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device. Versions prior to SNMP/Web Interface 4.8 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0019",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ups snmp web adapter",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.7"
},
{
"model": "ups snmp/web interface adapter",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "4.8"
},
{
"model": "electric industrial solutions ups snmp/web adapter",
"scope": "lt",
"trust": 0.6,
"vendor": "general",
"version": "4.8"
},
{
"model": "ups snmp web adapter",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:ups_snmp_web_adapter_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "82407"
}
],
"trust": 0.3
},
"cve": "CVE-2016-0861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-0861",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00996",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-88371",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-0861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0861",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0861",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-00996",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-127",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-88371",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "VULHUB",
"id": "VHN-88371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlAn arbitrary command may be executed by a remotely authenticated user. The GE SNMP / Web Interface adapter is a Web server used by General Electric Company to display the current information of the uninterruptible power supply. SNMP/Web Interface is prone to a command-injection vulnerability and an information-disclosure vulnerability. \nExploiting these issues could allow an attacker to gain access to potentially sensitive information and execute arbitrary commands in the context of the affected device. \nVersions prior to SNMP/Web Interface 4.8 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0861"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "VULHUB",
"id": "VHN-88371"
}
],
"trust": 2.52
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-88371",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88371"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0861",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-033-02",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "135586",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "39408",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00996",
"trust": 0.6
},
{
"db": "BID",
"id": "82407",
"trust": 0.3
},
{
"db": "SEEBUG",
"id": "SSVID-91064",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-88371",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "VULHUB",
"id": "VHN-88371"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"id": "VAR-201602-0019",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "VULHUB",
"id": "VHN-88371"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
}
]
},
"last_update_date": "2025-04-13T23:03:16.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEIS16-01",
"trust": 0.8,
"url": "http://apps.geindustrial.com/publibrary/checkout/GEIS_SNMP?TNR=Application%20and%20Technical|GEIS_SNMP|PDF\u0026filename=GEIS_SNMP.pdf"
},
{
"title": "Patch for GE SNMP / Web Interface adapter command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/71375"
},
{
"title": "General Electric SNMP/Web Interface Adapter Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-88371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-033-02"
},
{
"trust": 1.6,
"url": "http://apps.geindustrial.com/publibrary/checkout/application%20and%20technical%7cgeis_snmp%7cpdf\u0026filename=geis_snmp.pdf"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/39408/"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2016/feb/21"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/135586/ge-industrial-solutions-ups-snmp-adapter-command-injection.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0861"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0861"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "http://www.gegridsolutions.com/products/manuals/powerquality/snmp_box_new.pdf"
},
{
"trust": 0.1,
"url": "http://apps.geindustrial.com/publibrary/checkout/application%20and%20technical%7cgeis_snmp%7cpdf\u0026amp;filename=geis_snmp.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "VULHUB",
"id": "VHN-88371"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"db": "VULHUB",
"id": "VHN-88371"
},
{
"db": "BID",
"id": "82407"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"date": "2016-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-88371"
},
{
"date": "2016-02-02T00:00:00",
"db": "BID",
"id": "82407"
},
{
"date": "2016-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"date": "2016-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"date": "2016-02-05T11:59:00.127000",
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00996"
},
{
"date": "2017-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-88371"
},
{
"date": "2016-07-05T21:21:00",
"db": "BID",
"id": "82407"
},
{
"date": "2016-02-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001464"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-127"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-0861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Industrial Solutions UPS SNMP/Web Vulnerability to execute arbitrary command in firmware of adapter device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001464"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-127"
}
],
"trust": 0.6
}
}
VAR-201606-0013
Vulnerability from variot - Updated: 2025-04-12 23:29General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party Web Configuration settings may be changed through the interface. GEML800 and others are all Ethernet switches of General Electric (GE). GE MultiLink Series Switches are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to gain unauthorized access or obtain sensitive information; this may lead to further attacks. The following products are affected : GE ML800 Switch, firmware versions prior to Version 5.5.0 GE ML810 Switch, firmware versions prior to Version 5.5.0k GE ML1200 Switch, firmware versions prior to Version 5.5.0 GE ML1600 Switch, firmware versions prior to Version 5.5.0 GE ML2400 Switch, firmware versions prior to Version 5.5.0 GE ML3000 Switch, firmware versions prior to Version 5.5.0k GE ML3100 Switch, firmware versions prior to Version 5.5.0k
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.5.0k"
},
{
"model": "multilink",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "multilink ml1200",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1600",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml2400",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml800",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml810",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink series",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.5.0 (ml800/ml1200/ml1600/ml2400)"
},
{
"model": "multilink series",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.5.0k (ml810/ml3000/ml3100)"
},
{
"model": "ml800 switch",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "ml810 switch \u003c5.5.0k",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml1200 switch",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "ml1600",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "ml2400 switch",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "ml3000 switch 5.5.0k",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml3100 switch \u003c5.5.0k",
"scope": null,
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml3100 switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml800 switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml1200 switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "multilink",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.5.0"
},
{
"model": "ml1600 switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
},
{
"model": "ml2400 switch",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91011"
}
],
"trust": 0.3
},
"cve": "CVE-2016-2310",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2310",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03794",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-91129",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2310",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2310",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2310",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2310",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-03794",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-054",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91129",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2310",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "VULHUB",
"id": "VHN-91129"
},
{
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy a third party Web Configuration settings may be changed through the interface. GEML800 and others are all Ethernet switches of General Electric (GE). GE MultiLink Series Switches are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to gain unauthorized access or obtain sensitive information; this may lead to further attacks. \nThe following products are affected :\nGE ML800 Switch, firmware versions prior to Version 5.5.0\nGE ML810 Switch, firmware versions prior to Version 5.5.0k\nGE ML1200 Switch, firmware versions prior to Version 5.5.0\nGE ML1600 Switch, firmware versions prior to Version 5.5.0\nGE ML2400 Switch, firmware versions prior to Version 5.5.0\nGE ML3000 Switch, firmware versions prior to Version 5.5.0k\nGE ML3100 Switch, firmware versions prior to Version 5.5.0k",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "BID",
"id": "91011"
},
{
"db": "VULHUB",
"id": "VHN-91129"
},
{
"db": "VULMON",
"id": "CVE-2016-2310"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2310",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-154-01",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-03794",
"trust": 0.6
},
{
"db": "BID",
"id": "91011",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-91129",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2310",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "VULHUB",
"id": "VHN-91129"
},
{
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"db": "BID",
"id": "91011"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"id": "VAR-201606-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "VULHUB",
"id": "VHN-91129"
}
],
"trust": 1.4362637485714287
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
}
]
},
"last_update_date": "2025-04-12T23:29:28.303000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ML1200 Compact Hardened Managed Ethernet Switch",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml1200\u0026type=7"
},
{
"title": "ML1600 9\" Panel-mounted Managed Switch",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml1600\u0026type=7"
},
{
"title": "ML2400 19\" Rack-mounted Managed Switch",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml2400\u0026type=7"
},
{
"title": "ML3000 Series 19\" Rack-mounted Managed Switch (The new firmware version for the ML3000 and ML3100)",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml3000\u0026type=7"
},
{
"title": "ML800 Compact Hardened Managed Ethernet Switch",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml800\u0026type=7"
},
{
"title": "ML810 Compact Hardened 10-port Ethernet Switch",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/app/Resources.aspx?prod=ml810\u0026type=7"
},
{
"title": "GE\u0027s multiple product configuration options control vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/76993"
},
{
"title": "GE Various product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62079"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-154-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2310"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2310"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=46503"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "VULHUB",
"id": "VHN-91129"
},
{
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"db": "VULHUB",
"id": "VHN-91129"
},
{
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"db": "BID",
"id": "91011"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"date": "2016-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-91129"
},
{
"date": "2016-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"date": "2016-06-02T00:00:00",
"db": "BID",
"id": "91011"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"date": "2016-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"date": "2016-06-09T10:59:00.290000",
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03794"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-91129"
},
{
"date": "2021-03-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2310"
},
{
"date": "2016-06-02T00:00:00",
"db": "BID",
"id": "91011"
},
{
"date": "2016-06-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003087"
},
{
"date": "2021-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-054"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2310"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric Multilink Vulnerability to change configuration settings in switch firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-054"
}
],
"trust": 0.6
}
}
VAR-201607-0454
Vulnerability from variot - Updated: 2025-04-12 23:25General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. GE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "cimplicity",
"scope": "lt",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "8.2 sim 27"
},
{
"model": "cimplicity sim",
"scope": "lt",
"trust": 0.6,
"vendor": "ge",
"version": "8.227"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.226"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.219"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "-8.2"
},
{
"model": "electric proficy hmi/scada cimplicity sim",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "-8.227"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu of Acorn Network Security.",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"cve": "CVE-2016-5787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5787",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-04901",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.0,
"id": "CVE-2016-5787",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-5787",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5787",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-5787",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService settings may be changed by local users. GE Proficy HMI SCADA CIMPLICITY is a client/server based HMI/SCADA solution. GE Proficy HMI SCADA CIMPLICITY has a security vulnerability that allows a local attacker to exploit this vulnerability to increase privileges. This may aid in further attacks. \nGE Proficy HMI SCADA CIMPLICITY 8.2 SIM 26 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5787"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5787",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-194-02",
"trust": 2.7
},
{
"db": "BID",
"id": "91727",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-04901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795",
"trust": 0.8
},
{
"db": "IVD",
"id": "E48555AF-F166-4A94-BC44-F644C9893996",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"id": "VAR-201607-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
],
"trust": 1.5849003000000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
}
]
},
"last_update_date": "2025-04-12T23:25:45.959000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GED 16-01",
"trust": 0.8,
"url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01"
},
{
"title": "Patch for GE Proficy HMI SCADA CIMPLICITY Local Elevation of Privilege Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79099"
},
{
"title": "GE Proficy HMI SCADA CIMPLICITY Remedial measures for local privilege escalation",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62916"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-194-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/91727"
},
{
"trust": 1.6,
"url": "https://ge-ip.force.com/communities/en_us/article/ge-digital-security-advisory-ged-16-01"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5787"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5787"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"db": "BID",
"id": "91727"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "IVD",
"id": "e48555af-f166-4a94-bc44-f644c9893996"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2016-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"date": "2016-07-15T16:59:11.423000",
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04901"
},
{
"date": "2016-07-12T00:00:00",
"db": "BID",
"id": "91727"
},
{
"date": "2016-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003795"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-339"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5787"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "91727"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric Digital Proficy HMI/SCADA - CIMPLICITY Vulnerability in changing service settings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003795"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-339"
}
],
"trust": 0.6
}
}
VAR-201111-0006
Vulnerability from variot - Updated: 2025-04-11 23:18Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. An attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ----------------------------------------------------------------------
Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool.
Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/
TITLE: Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA46700
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46700
RELEASE DATE: 2011-11-02
DISCUSS ADVISORY: http://secunia.com/advisories/46700/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/46700/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=46700
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Plant Applications, which can be exploited by malicious people to compromise a vulnerable system.
Please see the vendor's advisory for a list of affected versions.
SOLUTION: Apply updates.
PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI.
ORIGINAL ADVISORY: GE (GEIP-11-02): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "5.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.4.1"
},
{
"model": "ge intelligent platforms proficy applications",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "5.0 sim 43"
},
{
"model": "ge intelligent platforms proficy applications",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.x"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.0"
},
{
"model": "proficy historian",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.4.1"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "4.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.4.1"
},
{
"model": "electric proficy plant",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.4.1"
},
{
"model": "electric proficy plant",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
},
{
"model": "electric proficy plant sim43",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
},
{
"model": "electric proficy plant sim101",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.4.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "5.0"
}
],
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "BID",
"id": "50474"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "US-CERT",
"sources": [
{
"db": "BID",
"id": "50474"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
}
],
"trust": 0.9
},
"cve": "CVE-2011-1919",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-1919",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "7061ba28-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-1919",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-1919",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-051",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager. GE Proficy Plant is a smart factory solution that allows you to make business decisions and make decisions through real-time plant data. A security vulnerability exists in multiple Proficy services, allowing an attacker to gain control of the system. The GE Proficy Plan application component handles inbound TCP/IP messaging. There is a stack-based buffer overflow. This vulnerability affects: (1) By default, the Proficy Server Manager (PRProficyMgr.exe) on the TCP 12293 port is monitored. (2) By default, the Proficy Service Gateway program (PRGateway.exe) on the TCP 12294 port is monitored. (3) By default, the Proficy Remote Data Service (PRRDS.exe) on the TCP 12299 port is monitored. (4) By default, the Proficy Server License Manager (PRLicenseMgr.exe) on the TCP 12401 port is monitored. GE Proficy Plant is prone to a remote stack buffer-overflow vulnerability. \nAn attacker could exploit this issue to execute arbitrary code with administrative privileges. Successfully exploiting this issue will result in the complete compromise of the affected computer. ----------------------------------------------------------------------\n\nOvum says ad hoc tools are out-dated. The best practice approach?\nFast vulnerability intelligence, threat handling, and setup in one tool. \n\nRead the new report on the Secunia VIM:\nhttp://secunia.com/products/corporate/vim/ovum_2011_request/ \n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Plant Applications Multiple Services Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA46700\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/46700/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700\n\nRELEASE DATE:\n2011-11-02\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/46700/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/46700/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Proficy Plant\nApplications, which can be exploited by malicious people to\ncompromise a vulnerable system. \n\nPlease see the vendor\u0027s advisory for a list of affected versions. \n\nSOLUTION:\nApply updates. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Luigi Auriemma via ZDI. \n\nORIGINAL ADVISORY:\nGE (GEIP-11-02):\nhttp://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1919"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "BID",
"id": "50474"
},
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "106517"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1919",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-11-243-01",
"trust": 3.3
},
{
"db": "BID",
"id": "50474",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2011-4651",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "46700",
"trust": 0.7
},
{
"db": "IVD",
"id": "7061BA28-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "106517",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "BID",
"id": "50474"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "PACKETSTORM",
"id": "106517"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"id": "VAR-201111-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
}
],
"trust": 1.3779100566666669
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
}
]
},
"last_update_date": "2025-04-11T23:18:59.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ge-ip.com/"
},
{
"title": "partner",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/partner.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/"
},
{
"title": "GE Proficy Plant Application Component Remote Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/5754"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-243-01.pdf"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/50474"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1919"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1919"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/46700"
},
{
"trust": 0.4,
"url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14493/en_us/geip11-02%20security%20advisory%20-%20proficy%20plant%20applications%20services.pdf"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=46700"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46700/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/ovum_2011_request/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/46700/#comments"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "BID",
"id": "50474"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "PACKETSTORM",
"id": "106517"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"db": "BID",
"id": "50474"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"db": "PACKETSTORM",
"id": "106517"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-03T00:00:00",
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"date": "2011-11-01T00:00:00",
"db": "BID",
"id": "50474"
},
{
"date": "2011-11-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"date": "2011-11-02T02:34:52",
"db": "PACKETSTORM",
"id": "106517"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"date": "2011-11-02T17:55:00.857000",
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-4651"
},
{
"date": "2011-11-15T00:47:00",
"db": "BID",
"id": "50474"
},
{
"date": "2012-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002757"
},
{
"date": "2012-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-051"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-1919"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy Plant Application component remote stack buffer overflow vulnerability",
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-4651"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "7061ba28-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-051"
}
],
"trust": 0.8
}
}
VAR-201203-0278
Vulnerability from variot - Updated: 2025-04-11 23:15The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. GE Proficy Historian is a factory system that collects, archives and distributes very large amounts of real-time data at high speed. Failed exploit attempts will likely result in denial-of-service conditions.
- -- Vendor Response: GE has issued an update to correct this vulnerability. More details can be found at:
http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14767
-
-- Disclosure Timeline: 2011-10-17 - Vulnerability reported to vendor 2012-08-03 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Luigi Auriemma
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8
wsBVAwUBUBwr11VtgMGTo1scAQLJgQf/ch8WS423yg6HqmDf02bbhylP979o5mVq k6XN4d0u0bl6oa74wadnd0ch1iZE70b9icervXe2IEdaZEQenQ9nOYBGdXg+/Sr7 V5qOvm+gOUT3kta9ogW8RLO5gZnMjA0MnY68laphjuTFqVaz0w24D+NjrxflR0IL WT0s2ct0S6L5MvVYQWYse/dLqr3KGuY1YaTkDfALwjXXDRv9UYf+4QMgDD2Jw0+f qRqlTUhe8iEdju/mstYLNsZ6g4plUFvs9piBmZG82K5NsxZjyX8GHuWv48siQbUP hlreFBPJ89cvqVX9ap+5AlioJkWPg8bGuK80jpStIJFYjy6aY4u13Q== =L3hq -----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Proficy Historian Data Archiver Service Memory Corruption Vulnerability
SECUNIA ADVISORY ID: SA48369
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48369
RELEASE DATE: 2012-03-14
DISCUSS ADVISORY: http://secunia.com/advisories/48369/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48369/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48369
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Proficy Historian, which can be exploited by malicious people to compromise a vulnerable system. This can be exploited to corrupt memory via a specially crafted packet sent to TCP port 14000.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following products: * Proficy Historian versions 4.5 and prior. * Proficy HMI/SCADA \x96 CIMPLICITY version 8.2. * Proficy HMI/SCADA \x96 iFIX versions 5.0, 5.1, and 5.5.
SOLUTION: Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI.
ORIGINAL ADVISORY: GE: http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14767/en_US/GEIP12-01%20Security%20Advisory%20-%20Proficy%20Historian%20ihDataArchiver.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "2.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "3.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "3.5"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "3.1"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.5"
},
{
"model": "electric proficy hmi/scada-ifix",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "5.5"
},
{
"model": "electric proficy historian",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "3.1"
},
{
"model": "electric proficy historian",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "4.5"
},
{
"model": "proficy historian",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.5"
},
{
"model": "proficy historian ihdataarchiver",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"model": "proficy hmi/scada-ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.0"
},
{
"model": "proficy hmi/scada-ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.1"
},
{
"model": "proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.1"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "3.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "4.0"
},
{
"model": "intelligent platforms proficy historian",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "4.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "intelligent platforms proficy historian",
"version": "2.0"
},
{
"model": "electric proficy hmi/scada-ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric proficy hmi/scada-ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
},
{
"model": "electric proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "8.2"
},
{
"model": "electric proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "8.1"
},
{
"model": "electric proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.0"
},
{
"model": "electric proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "3.5"
},
{
"model": "electric proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "3.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "3.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy historian",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "BID",
"id": "52437"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_historian",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE and Zero Day Initiative.",
"sources": [
{
"db": "BID",
"id": "52437"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
}
],
"trust": 0.9
},
"cve": "CVE-2012-0229",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-0229",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "04a7da74-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-0229",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-0229",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2012-0229",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-261",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2012-0229",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE iFix. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ihDataArchiver.exe process which listens by default on TCP port 14000. Several errors are present in the code responsible for parsing data from the network. GE Proficy Historian is a factory system that collects, archives and distributes very large amounts of real-time data at high speed. Failed exploit attempts will likely result in denial-of-service conditions. \n\n- -- Vendor Response:\nGE has issued an update to correct this vulnerability. More details can be\nfound at:\n\nhttp://support.ge-ip.com/support/index?page=kbchannel\u0026id=S:KB14767\n\n\n- -- Disclosure Timeline:\n2011-10-17 - Vulnerability reported to vendor\n2012-08-03 - Coordinated public release of advisory\n\n- -- Credit:\nThis vulnerability was discovered by:\n* Luigi Auriemma\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 10.2.0 (Build 1950)\nCharset: utf-8\n\nwsBVAwUBUBwr11VtgMGTo1scAQLJgQf/ch8WS423yg6HqmDf02bbhylP979o5mVq\nk6XN4d0u0bl6oa74wadnd0ch1iZE70b9icervXe2IEdaZEQenQ9nOYBGdXg+/Sr7\nV5qOvm+gOUT3kta9ogW8RLO5gZnMjA0MnY68laphjuTFqVaz0w24D+NjrxflR0IL\nWT0s2ct0S6L5MvVYQWYse/dLqr3KGuY1YaTkDfALwjXXDRv9UYf+4QMgDD2Jw0+f\nqRqlTUhe8iEdju/mstYLNsZ6g4plUFvs9piBmZG82K5NsxZjyX8GHuWv48siQbUP\nhlreFBPJ89cvqVX9ap+5AlioJkWPg8bGuK80jpStIJFYjy6aY4u13Q==\n=L3hq\n-----END PGP SIGNATURE-----\n\n\n. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nProficy Historian Data Archiver Service Memory Corruption\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA48369\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48369/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48369\n\nRELEASE DATE:\n2012-03-14\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48369/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48369/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48369\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Proficy Historian, which can be\nexploited by malicious people to compromise a vulnerable system. This can be exploited to corrupt\nmemory via a specially crafted packet sent to TCP port 14000. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is reported in the following products:\n* Proficy Historian versions 4.5 and prior. \n* Proficy HMI/SCADA \\x96 CIMPLICITY version 8.2. \n* Proficy HMI/SCADA \\x96 iFIX versions 5.0, 5.1, and 5.5. \n\nSOLUTION:\nApply patches (please see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Luigi Auriemma via ZDI. \n\nORIGINAL ADVISORY:\nGE:\nhttp://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14767/en_US/GEIP12-01%20Security%20Advisory%20-%20Proficy%20Historian%20ihDataArchiver.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0229"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "BID",
"id": "52437"
},
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"db": "PACKETSTORM",
"id": "115259"
},
{
"db": "PACKETSTORM",
"id": "110810"
}
],
"trust": 3.51
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0229",
"trust": 4.4
},
{
"db": "ICS CERT",
"id": "ICSA-12-032-01",
"trust": 3.4
},
{
"db": "BID",
"id": "52437",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "48369",
"trust": 1.2
},
{
"db": "ZDI",
"id": "ZDI-12-133",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-1304",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1377",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "19059",
"trust": 0.6
},
{
"db": "IVD",
"id": "04A7DA74-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2012-0229",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "115259",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110810",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"db": "BID",
"id": "52437"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "PACKETSTORM",
"id": "115259"
},
{
"db": "PACKETSTORM",
"id": "110810"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"id": "VAR-201203-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
}
],
"trust": 1.422341268
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
}
]
},
"last_update_date": "2025-04-11T23:15:34.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEIP12-01",
"trust": 1.5,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=S:KB14767"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ge-ip.com/"
},
{
"title": "partner",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/partner.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/"
},
{
"title": "Patch for GE Proficy Historian Data Archive Service Remote Memory Corruption Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/13371"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-032-01.pdf"
},
{
"trust": 2.5,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=s:kb14767"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/52437"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48369"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0229"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0229"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19059"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/products/2420"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-133/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-12-032-01"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0229"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/zdi-12-133"
},
{
"trust": 0.1,
"url": "http://twitter.com/thezdi"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
},
{
"trust": 0.1,
"url": "http://secunia.com/psi_30_beta_launch"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://support.ge-ip.com/support/resources/sites/ge_fanuc_support/content/live/kb/14000/kb14767/en_us/geip12-01%20security%20advisory%20-%20proficy%20historian%20ihdataarchiver.pdf"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48369"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48369/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/48369/"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"db": "BID",
"id": "52437"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "PACKETSTORM",
"id": "115259"
},
{
"db": "PACKETSTORM",
"id": "110810"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"db": "BID",
"id": "52437"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"db": "PACKETSTORM",
"id": "115259"
},
{
"db": "PACKETSTORM",
"id": "110810"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-15T00:00:00",
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-08-03T00:00:00",
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"date": "2012-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"date": "2012-03-15T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"date": "2012-03-13T00:00:00",
"db": "BID",
"id": "52437"
},
{
"date": "2012-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"date": "2012-08-03T22:36:48",
"db": "PACKETSTORM",
"id": "115259"
},
{
"date": "2012-03-14T06:42:50",
"db": "PACKETSTORM",
"id": "110810"
},
{
"date": "2012-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"date": "2012-03-15T18:55:00.727000",
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-03T00:00:00",
"db": "ZDI",
"id": "ZDI-12-133"
},
{
"date": "2012-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-1304"
},
{
"date": "2018-01-04T00:00:00",
"db": "VULMON",
"id": "CVE-2012-0229"
},
{
"date": "2015-03-19T09:48:00",
"db": "BID",
"id": "52437"
},
{
"date": "2012-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001802"
},
{
"date": "2012-03-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-261"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-0229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115259"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Intelligent Platforms Proficy Historian Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001802"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "04a7da74-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-261"
}
],
"trust": 0.8
}
}
VAR-201301-0371
Vulnerability from variot - Updated: 2025-04-11 23:12Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID: SA51936
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
RELEASE DATE: 2013-01-24
DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51936/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system.
2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by default.
The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"model": "intelligent platforms proficy process systems",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 and later"
},
{
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=4.01"
},
{
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
}
],
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "57505"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-0653",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "1f593d28-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0653",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-0653",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables and send malicious packets to TCP port 80. Attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nGE Intelligent Platforms Products Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51936\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51936/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nRELEASE DATE:\n2013-01-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51936/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51936/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in GE Intelligent Platforms\nproducts, which can be exploited by malicious users to disclose\ncertain sensitive information and compromise a vulnerable system. \n\n2) An unspecified error exists in CimWebServer when processing\npackets and can be exploited to e.g. run arbitrary commands by\nsending a specially-crafted packet. \n\nNOTE: CIMPLICITY built-in Web server component is not enabled by\ndefault. \n\nThe vulnerabilities are reported in the following products:\n* Proficy HMI/SCADA \\x96 CIMPLICITY version 4.01 and greater\n* Proficy Process Systems with CIMPLICITY\n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-02:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0653"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "119821"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0653",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-022-02",
"trust": 3.4
},
{
"db": "BID",
"id": "57505",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-00503",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "51936",
"trust": 0.8
},
{
"db": "IVD",
"id": "1F593D28-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "119821",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"id": "VAR-201301-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
}
],
"trust": 1.53748475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
}
]
},
"last_update_date": "2025-04-11T23:12:51.143000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Proficy HMI/SCADA - CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
},
{
"title": "\u76e3\u8996\u5236\u5fa1\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2(SCADA) CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/cimpli-ta.html"
},
{
"title": "GE Proficy CIMPLICITY Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/31211"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0653"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0653"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/51936"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57505"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51936/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51936/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-24T00:00:00",
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"date": "2013-01-22T00:00:00",
"db": "BID",
"id": "57505"
},
{
"date": "2013-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"date": "2013-01-25T03:08:56",
"db": "PACKETSTORM",
"id": "119821"
},
{
"date": "2013-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"date": "2013-01-27T18:55:03.460000",
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"date": "2013-01-22T00:00:00",
"db": "BID",
"id": "57505"
},
{
"date": "2013-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001289"
},
{
"date": "2013-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-447"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-0653"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy CIMPLICITY Directory Traversal Vulnerability",
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00503"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "1f593d28-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-447"
}
],
"trust": 0.8
}
}
VAR-201301-0372
Vulnerability from variot - Updated: 2025-04-11 23:12CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID: SA51936
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
RELEASE DATE: 2013-01-24
DISCUSS ADVISORY: http://secunia.com/advisories/51936/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/51936/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Two vulnerabilities have been reported in GE Intelligent Platforms products, which can be exploited by malicious users to disclose certain sensitive information and compromise a vulnerable system.
1) An unspecified error exists within the WebView CimWeb component (substitute.bcl) and can be exploited to disclose arbitrary files via directory traversal attacks.
2) An unspecified error exists in CimWebServer when processing packets and can be exploited to e.g. run arbitrary commands by sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by default.
The vulnerabilities are reported in the following products: * Proficy HMI/SCADA \x96 CIMPLICITY version 4.01 and greater * Proficy Process Systems with CIMPLICITY
SOLUTION: Apply updates (please see the vendor's advisory for details).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: ICSA-13-022-02: http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201301-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "intelligent platforms proficy process systems",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": null
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 and later"
},
{
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=4.01"
},
{
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
}
],
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "57505"
}
],
"trust": 0.3
},
"cve": "CVE-2013-0654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-0654",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "1f537014-2353-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-0654",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2013-0654",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-448",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms is a software and hardware product, service and expertise for users in the field of automation control and embedded. GE Proficy CIMPLICITY is the PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nGE Intelligent Platforms Products Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA51936\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/51936/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nRELEASE DATE:\n2013-01-24\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/51936/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/51936/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nTwo vulnerabilities have been reported in GE Intelligent Platforms\nproducts, which can be exploited by malicious users to disclose\ncertain sensitive information and compromise a vulnerable system. \n\n1) An unspecified error exists within the WebView CimWeb component\n(substitute.bcl) and can be exploited to disclose arbitrary files via\ndirectory traversal attacks. \n\n2) An unspecified error exists in CimWebServer when processing\npackets and can be exploited to e.g. run arbitrary commands by\nsending a specially-crafted packet. \n\nNOTE: CIMPLICITY built-in Web server component is not enabled by\ndefault. \n\nThe vulnerabilities are reported in the following products:\n* Proficy HMI/SCADA \\x96 CIMPLICITY version 4.01 and greater\n* Proficy Process Systems with CIMPLICITY\n\nSOLUTION:\nApply updates (please see the vendor\u0027s advisory for details). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nICSA-13-022-02:\nhttp://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-0654"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "PACKETSTORM",
"id": "119821"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-0654",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-13-022-02",
"trust": 3.4
},
{
"db": "BID",
"id": "57505",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2013-00506",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "51936",
"trust": 0.8
},
{
"db": "IVD",
"id": "1F537014-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "119821",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"id": "VAR-201301-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
}
],
"trust": 1.53748475
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
}
]
},
"last_update_date": "2025-04-11T23:12:51.104000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Proficy HMI/SCADA - CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
},
{
"title": "\u76e3\u8996\u5236\u5fa1\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2(SCADA) CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.co.jp/cimpli-ta.html"
},
{
"title": "Patch for GE Proficy CIMPLICITY Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/31191"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-13-022-02.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0654"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0654"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/51936"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/57505"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/products/proficy-hmi-scada-cimplicity/p2819"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=51936"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51936/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/51936/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"db": "BID",
"id": "57505"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"db": "PACKETSTORM",
"id": "119821"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-24T00:00:00",
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2013-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"date": "2013-01-22T00:00:00",
"db": "BID",
"id": "57505"
},
{
"date": "2013-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"date": "2013-01-25T03:08:56",
"db": "PACKETSTORM",
"id": "119821"
},
{
"date": "2013-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"date": "2013-01-27T18:55:03.493000",
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00506"
},
{
"date": "2013-01-22T00:00:00",
"db": "BID",
"id": "57505"
},
{
"date": "2013-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-001290"
},
{
"date": "2013-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-448"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-0654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy CIMPLICITY Command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2013-00506"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "1f537014-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-448"
}
],
"trust": 0.8
}
}