CVE-2014-0750

Intelligent Platforms Proficy Hmi%2fscada Cimplicity - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/31987

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by amisto0x07, Z0mb1E, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/scada/ge_proficy_cimplicity_gefebt.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01

[Vendor Advisory] http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65124

Scores

EPSS 0.3756

EPSS Percentile 97.2%

Details

CWE

CWE-22

Status published

Products (9)

ge/intelligent_platforms_proficy_hmi\%2fscada_cimplicity < 8.2

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.1

ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.2

ge/intelligent_platforms_proficy_process_systems_with_cimplicity

GE/Proficy HMI/SCADA - CIMPLICITY 4.01 - 8.2

GE/Proficy Process Systems with CIMPLICITY all versions

Published Jan 25, 2014

Tracked Since Feb 18, 2026