CVE-2013-0653

Intelligent Platforms Proficy Hmi/scada Cimplicity - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.

Exploits (1)

metasploit WORKING POC

by Unknown, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/scada/ge_proficy_substitute_traversal.rb

View Code ZIP pw:eip

References (1)

[US Government Resource] http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf

Scores

EPSS 0.0954

EPSS Percentile 92.9%

Details

CWE

CWE-22

Status published

Products (5)

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0

ge/intelligent_platforms_proficy_process_systems

ge/intelligent_platforms_proficy_process_systems_with_cimplicity

Published Jan 27, 2013

Tracked Since Feb 18, 2026