CVE-2014-0751

EXPLOITED

GE Proficy HMI/SCADA CIMPLICITY < 8.2 - Arbitrary File Write via CimWebServer Shell File Upload


Exploitation Summary

CVE-2014-0751 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

References (6)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/65117
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/65124

Scores

EPSS 0.0306
EPSS Percentile 86.0%

Details

VulnCheck KEV 2014-12-10
CWE CWE-22
Status published
Products (9)
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity < 8.2
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 4.01
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 7.5
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.0
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.1
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity 8.2
ge/intelligent_platforms_proficy_process_systems_with_cimplicity
GE/Proficy HMI/SCADA - CIMPLICITY 4.01 - 8.2
GE/Proficy Process Systems with CIMPLICITY all versions
Published Jan 25, 2014
Tracked Since Feb 18, 2026