CVE-2014-0751

{"id": "CVE-2014-0751", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-25T22:55:04.583", "references": [{"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.securityfocus.com/bid/65124", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65117", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The CIMPLICITY Web-based access component, CimWebServer, does not check \nthe location of shell files being loaded into the system. By modifying \nthe source location, an attacker could send shell code to the \nCimWebServer which would deploy the nefarious files as part of any SCADA\n project. This could allow the attacker to execute arbitrary code."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en CimWebServer.exe (tambi\u00e9n conocido como el componente WebView) en GE Intelligent Platforms Proficy HMI / SCADA - CIMPLICITY anterior a 8.2 SIM 24 y Proficy Process con CIMPLICITY, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje manipulado a puerto TCP 10212 , tambi\u00e9n conocido como ZDI-CAN-1623."}], "lastModified": "2025-08-22T23:15:30.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\%2fscada_cimplicity:*:sim24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5EDB9D-01CD-4843-86CD-C834B726ACF1", "versionEndIncluding": "8.2"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:4.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C0B8CA7-2161-4603-B844-DE6C079DF36F"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3BACB11-5CD3-4CA6-9C56-D71628CADF0F"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90538C50-38BD-4EE5-BD30-96E2E2951FE3"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB261867-B9B1-4D3D-B2DE-3CC3164EFD06"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\\/scada_cimplicity:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559DCD7A-0745-4D4C-A77A-83240EF6C510"}, {"criteria": "cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD9711EA-2C95-41FA-8827-01FCB0ED4B06"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}