CVE-2014-0751
EXPLOITED
GE Proficy HMI/SCADA CIMPLICITY < 8.2 - Arbitrary File Write via CimWebServer Shell File Upload
Title source: llm
Exploitation Summary
CVE-2014-0751 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.
References (6)
Various Sources
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
Vendor Advisory
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/65117
Various Sources x_refsource_confirm
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65124
Scores
EPSS
0.0306
EPSS Percentile
86.0%
Details
VulnCheck KEV
2014-12-10
CWE
CWE-22
Status
published
Products (9)
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
< 8.2
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
4.01
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
7.5
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
8.0
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
8.1
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
8.2
ge/intelligent_platforms_proficy_process_systems_with_cimplicity
GE/Proficy HMI/SCADA - CIMPLICITY
4.01 - 8.2
GE/Proficy Process Systems with CIMPLICITY
all versions
Published
Jan 25, 2014
Tracked Since
Feb 18, 2026