CVE-2016-5787

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

CVSS v3 6.3 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 3.7

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/91727	Broken Link Third Party Advisory VDB Entry
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01	Permissions Required Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/91727	Broken Link Third Party Advisory VDB Entry
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01	Permissions Required Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ge:cimplicity::::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim1::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim10::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim11::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim12::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim13::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim14::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim15::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim16::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim17::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim18::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim19::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim2::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim20::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim21::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim22::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim23::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim24::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim25::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim26::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim3::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim4::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim5::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim6::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim7::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim8::::::
	cpe:2.3:a:ge:cimplicity:8.2:sim9::::::

History

21 Nov 2024, 02:55

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/91727 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/91727 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01 - Permissions Required, Vendor Advisory~~	() https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01 - Permissions Required, Vendor Advisory
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02 - Third Party Advisory, US Government Resource~~	() https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02 - Third Party Advisory, US Government Resource

03 Feb 2022, 19:46

Type	Values Removed	Values Added
CVSS	v2 : ~~4.6~~ v3 : ~~5.7~~	v2 : 4.6 v3 : 6.3
CPE	cpe:2.3:a:general_electric:cimplicity::sim_26::::::*	cpe:2.3:a:ge:cimplicity:8.2:sim11:::::: cpe:2.3:a:ge:cimplicity:::::::: cpe:2.3:a:ge:cimplicity:8.2:sim18:::::: cpe:2.3:a:ge:cimplicity:8.2:sim7:::::: cpe:2.3:a:ge:cimplicity:8.2:sim13:::::: cpe:2.3:a:ge:cimplicity:8.2:sim12:::::: cpe:2.3:a:ge:cimplicity:8.2:sim4:::::: cpe:2.3:a:ge:cimplicity:8.2:sim19:::::: cpe:2.3:a:ge:cimplicity:8.2:sim2:::::: cpe:2.3:a:ge:cimplicity:8.2:sim23:::::: cpe:2.3:a:ge:cimplicity:8.2:sim14:::::: cpe:2.3:a:ge:cimplicity:8.2:sim16:::::: cpe:2.3:a:ge:cimplicity:8.2:sim24:::::: cpe:2.3:a:ge:cimplicity:8.2:sim20:::::: cpe:2.3:a:ge:cimplicity:8.2:sim6:::::: cpe:2.3:a:ge:cimplicity:8.2:sim25:::::: cpe:2.3:a:ge:cimplicity:8.2:sim15:::::: cpe:2.3:a:ge:cimplicity:8.2:sim8:::::: cpe:2.3:a:ge:cimplicity:8.2:sim1:::::: cpe:2.3:a:ge:cimplicity:8.2:sim21:::::: cpe:2.3:a:ge:cimplicity:8.2:sim26:::::: cpe:2.3:a:ge:cimplicity:8.2:sim22:::::: cpe:2.3:a:ge:cimplicity:8.2:sim9:::::: cpe:2.3:a:ge:cimplicity:8.2:sim3:::::: cpe:2.3:a:ge:cimplicity:8.2:sim17:::::: cpe:2.3:a:ge:cimplicity:8.2:sim5:::::: cpe:2.3:a:ge:cimplicity:8.2:sim10::::::
CWE	~~CWE-284~~	CWE-668
References	~~(CONFIRM) https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01 -~~	(CONFIRM) https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01 - Permissions Required, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/91727 -~~	(BID) http://www.securityfocus.com/bid/91727 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2016-07-15 16:59

Updated : 2024-11-21 02:55

NVD link : CVE-2016-5787

Mitre link : CVE-2016-5787

CVE.ORG link : CVE-2016-5787

JSON object : View

Products Affected

cimplicity

CWE

CWE-668

Exposure of Resource to Wrong Sphere

6.3 /10