Skip to main content

Cimplicity

12 CVEs product

Monthly

CVE-2023-4487 HIGH This Week

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3463 CRITICAL Act Now

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2022-3092 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3084 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2952 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2948 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-2002 HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cimplicity
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-21798 CRITICAL Act Now

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2020-6992 MEDIUM This Month

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-15362 CRITICAL Act Now

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cimplicity
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2016-9360 MEDIUM This Month

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Cimplicity Historian Ifix
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2016-5787 MEDIUM This Month

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD
CVSS 3.1
6.3
EPSS
0.2%
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Cimplicity
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cimplicity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cimplicity
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cimplicity
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Cimplicity Historian +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cimplicity
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy