CVE-2017-12732
MEDIUMGE CIMPLICITY < 9.0 - Stack-based Buffer Overflow via Packet Length Mismatch
Title source: llmDescription
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101174
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-278-01
Scores
CVSS v3
6.8
EPSS
0.0075
EPSS Percentile
50.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-121
Status
published
Products (2)
ge/intelligent_platforms_proficy_hmi\/scada_cimplicity
< 9.0
n/a/GE CIMPLICITY
GE CIMPLICITY
Published
Oct 05, 2017
Tracked Since
Feb 18, 2026