Vulnerability Details : CVE-2014-0750
Public exploit exists!
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
Vulnerability category: Directory traversalExecute code
Exploit prediction scoring system (EPSS) score for CVE-2014-0750
38.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-0750
-
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
Disclosure Date: 2014-01-23First seen: 2020-04-26exploit/windows/scada/ge_proficy_cimplicity_gefebtThis module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behavior to execute a malicious BCL and dro
CVSS scores for CVE-2014-0750
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-0750
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0750
-
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01
GE Proficy Vulnerabilities | CISAUS Government Resource
-
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939
GE Customer CenterVendor Advisory
-
http://www.securityfocus.com/bid/65124
Multiple Generel Electric Products 'gefebt.exe' Shell Upload Vulnerability
Products affected by CVE-2014-0750
- cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:4.01:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\/scada_cimplicity:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity:-:*:*:*:*:*:*:*
- GE » Intelligent Platforms Proficy Hmi%2fscada Cimplicity » Update Sim24Versions up to, including, (<=) 8.2cpe:2.3:a:ge:intelligent_platforms_proficy_hmi\%2fscada_cimplicity:*:sim24:*:*:*:*:*:*