CVE-2016-5787
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/07/2016
Last modified:
12/04/2025
Description
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:* | 8.2 (excluding) | |
| cpe:2.3:a:ge:cimplicity:8.2:sim1:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim10:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim11:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim12:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim13:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim14:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim15:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim16:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim17:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim18:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim19:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim2:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim20:*:*:*:*:*:* | ||
| cpe:2.3:a:ge:cimplicity:8.2:sim21:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/91727
- https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
- https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
- http://www.securityfocus.com/bid/91727
- https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
- https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02