CVE-2016-9360

MEDIUM

GE Proficy <5.8 SIM 13 - Info Disclosure

Title source: llm

Description

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95630

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1037809

[Mitigation, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A

Scores

CVSS v3 6.7

EPSS 0.0016

EPSS Percentile 36.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

Classification

CWE

CWE-522

Status draft

Affected Products (3)

ge/cimplicity < 9.0

ge/historian < 6.0

ge/ifix < 5.8

Timeline

Published Feb 13, 2017

Tracked Since Feb 18, 2026