CVE-2013-0653

GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01-8.0 - Path Traversal via WebView CimWeb Substitute.bcl

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0653. PoCs published by Unknown, juan vazquez, including Metasploit module auxiliary/admin/scada/ge_proficy_substitute_traversal.

AI-analyzed exploit summary This Metasploit module exploits a directory traversal vulnerability in GE Proficy Cimplicity WebView (gefebt.exe) to retrieve arbitrary files with SYSTEM privileges. It sends a crafted HTTP request to traverse directories and exfiltrate file contents.

Description

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.

Exploits (1)

metasploit WORKING POC
by Unknown, juan vazquez · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in GE Proficy Cimplicity WebView (gefebt.exe) to retrieve arbitrary files with SYSTEM privileges. It sends a crafted HTTP request to traverse directories and exfiltrate file contents.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: GE Proficy Cimplicity 7.5
No auth needed
Prerequisites: Network access to the target's WebView component (port 80 by default)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf

Scores

EPSS 0.0954
EPSS Percentile 93.1%

Details

CWE
CWE-22
Status published
Products (5)
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0
ge/intelligent_platforms_proficy_process_systems
ge/intelligent_platforms_proficy_process_systems_with_cimplicity
Published Jan 27, 2013
Tracked Since Feb 18, 2026