GE Proficy Vulnerabilities

Friday, January 24, 2014 @ 11:01 AM gHale

There are two vulnerabilities in the General Electric (GE) Proficy human-machine interface/supervisory control and data acquisition (HMI/SCADA) — CIMPLICITY application, according to an advisory from ICS-CERT.

GE released a software update that fixes one of the vulnerabilities and published a configuration change that mitigates the other.


GE also issued security advisories GEIP13-05 and GEIP13-06 to inform users about the two vulnerabilities, both of which are remotely exploitable. Researchers amisto0x07 and Z0mb1E of the Zero Day Initiative (ZDI) discovered them.

The following GE Intelligent Platforms products are affected:
• Proficy HMI/SCADA — CIMPLICITY, versions 4.01 through 8.2, and
• Proficy Process Systems with CIMPLICITY.

In both cases the CIMPLICITY CimWebServer does not verify where the shell files it loads come from. An unauthenticated remote user can therefore supply a location outside the default local directory and have the server load attacker-controlled shell code from there instead.

GE is a U.S.-based company that maintains offices in several countries around the world.

Proficy HMI/SCADA — CIMPLICITY is a client/server-based HMI/SCADA application deployed across multiple industries.

The first vulnerability is in the gefebt.exe component supplied with CIMPLICITY CimWebServer, which does not check the location of the shell files it loads into the system. By modifying the source location, an attacker could send shell code to the CimWebServer, which would deploy the attacker-supplied files as a server-side script. This could allow the attacker to execute arbitrary code.

CVE-2014-0750 has been assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

The second vulnerability is in the CIMPLICITY Web-based access component, CimWebServer itself, which likewise does not check the location of the shell files it loads. By modifying the source location, an attacker could send shell code to the CimWebServer, which would deploy the attacker-supplied files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

CVE-2014-0751 has been assigned to this vulnerability, which has a CVSS v2 base score of 6.8.
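As an added illustration, and not code from GE, ICS-CERT or the advisory, the following Python models the flaw class both descriptions share: a client-supplied shell-file location is used without checking that it resolves inside the local directory. The `vulnerable_resolve` function shows how a UNC share path, a drive-qualified path or a `..` sequence replaces or escapes the local directory when nothing checks it; `safe_resolve` shows the check the server should perform before loading anything. The root directory, file names and request strings are constructed for the example and are not taken from the product; `ntpath` is used so the Windows path semantics are reproduced on any host.

```python
import ntpath

# Hypothetical local directory from which the web server is supposed to load
# its shell files; the real CIMPLICITY install path is not given on the page.
SHELL_FILE_ROOT = r"C:\CIMPLICITY\WebPages"


def vulnerable_resolve(requested: str) -> str:
    """Model of the flaw: the client-supplied location is joined to the local
    directory with no check. An absolute or UNC path replaces the directory
    entirely, and '..' components walk out of it."""
    return ntpath.normpath(ntpath.join(SHELL_FILE_ROOT, requested))


def is_remote_or_absolute(requested: str) -> bool:
    """True for UNC paths (\\\\server\\share\\...), drive-qualified paths (C:...)
    and anything rooted at a separator, whichever slash the client used."""
    drive, _ = ntpath.splitdrive(requested)
    return bool(drive) or requested.startswith(("\\", "/"))


def safe_resolve(requested: str) -> str:
    """Hardened version: reject non-relative locations up front, then confirm
    the normalized result still lies strictly inside SHELL_FILE_ROOT."""
    if is_remote_or_absolute(requested):
        raise ValueError(f"non-relative shell file location rejected: {requested!r}")
    candidate = ntpath.normpath(ntpath.join(SHELL_FILE_ROOT, requested))
    root = ntpath.normcase(SHELL_FILE_ROOT)
    # normcase lowercases and unifies separators, so the prefix test is exact;
    # requiring the trailing separator also rejects the root directory itself.
    if not ntpath.normcase(candidate).startswith(root + "\\"):
        raise ValueError(f"shell file location escapes the local directory: {requested!r}")
    return candidate


def is_allowed(requested: str) -> bool:
    """Accept/reject decision of the hardened check."""
    try:
        safe_resolve(requested)
    except ValueError:
        return False
    return True


# Constructed sample requests: one legitimate relative location and three that
# point outside the local directory (a UNC share, a drive path, a traversal).
SAMPLE_REQUESTS = [
    r"scripts\status",
    r"\\attacker\share\evil",
    r"C:\Windows\evil",
    r"scripts\..\..\..\evil",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        verdict = "ALLOW" if is_allowed(req) else "REJECT"
        print(f"{req!r:28} unchecked -> {vulnerable_resolve(req)!r:30} hardened -> {verdict}")
```

The order of the two checks matters: rejecting drive and UNC prefixes first means the containment test only ever sees paths rooted under the local directory, so a later change to how the root is configured cannot quietly re-admit a remote share.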

No known public exploits specifically target these vulnerabilities. An attacker with moderate skill could exploit them.

GEIP13-05: To address this vulnerability, every copy of gefebt.exe that is accessible from a Web client must be deleted or moved so that it is no longer reachable. If the production Web configuration currently relies on gefebt.exe, changes to the server's Web pages may also be required.

The GE Product Security Advisory will provide additional guidance.
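To confirm the GEIP13-05 workaround, an operator needs to know whether any copy of gefebt.exe remains under a web-served directory. The following Python audit is an added example, not a GE tool: it walks a list of web root directories and reports every copy of the file, matching the name case-insensitively as Windows does, and the demonstration removes the copies it finds and audits again. The directory layout it builds is constructed for the example; on a real server you would pass the actual web-served directories of the CIMPLICITY installation instead.

```python
import os
import tempfile

TARGET = "gefebt.exe"  # the component named in GEIP13-05


def find_copies(web_roots):
    """Walk each web-served directory tree and return every copy of TARGET,
    matched case-insensitively because Windows file names are case-insensitive."""
    hits = []
    for root in web_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() == TARGET:
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def audit(web_roots):
    """Return (ok, findings): ok is True only when no copy remains reachable."""
    findings = find_copies(web_roots)
    return (len(findings) == 0, findings)


def build_sample_tree(base):
    """Constructed layout for the demonstration (hypothetical names): two
    copies of gefebt.exe under a web-served directory plus an unrelated file."""
    layout = [
        ("WebPages", "gefebt.exe"),
        ("WebPages/cgi-bin", "GEFEBT.EXE"),
        ("WebPages", "index.html"),
    ]
    for subdir, name in layout:
        directory = os.path.join(base, subdir)
        os.makedirs(directory, exist_ok=True)
        with open(os.path.join(directory, name), "wb") as f:
            f.write(b"placeholder")  # contents do not matter for the audit
    return os.path.join(base, "WebPages")


def run_demo():
    """Build the constructed tree, audit it, remove the copies found and audit
    again; returns both verdicts so the effect of the workaround is visible."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root = build_sample_tree(tmp)
        before_ok, findings = audit([web_root])
        for path in findings:
            os.remove(path)
        after_ok, remaining = audit([web_root])
    return before_ok, len(findings), after_ok, remaining


if __name__ == "__main__":
    before_ok, count, after_ok, remaining = run_demo()
    print(f"before: {'clean' if before_ok else f'{count} copies reachable'}")
    print(f"after removal: {'clean' if after_ok else remaining}")
```

Run the audit against every directory the web server actually serves, not only the default one: the advisory's condition is reachability from a Web client, so a copy in any served tree counts.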

GEIP13-06: Apply Proficy HMI/SCADA — CIMPLICITY 8.2 SIM 24, which is available for download from GE.
