CVE-2016-5787

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-07-2016 06:59

Last modified: - 03-02-2022 08:46

Total changes: - 2

Description

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Low

Attack complexity

Local

Attack vector

Low

Availability

Low

Confidentiality

Low

Integrity

Low

Privileges required

Changed

Scope

None

User interaction

6.3

Base score

2.0

3.7

Exploitability score

Impact score

Verification logic

vendor=ge AND product=cimplicity AND versionEndExcluding=8.2

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim1

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim10

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim11

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim12

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim13

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim14

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim15

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim16

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim17

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim18

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim19

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim2

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim20

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim21

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim22

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim23

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim24

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim25

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim26

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim3

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim4

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim5

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim6

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim7

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim8

vendor=ge AND product=cimplicity AND version=8.2 AND update=sim9

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
91727-Broken Link, Third Party Advisory, VDB Entry

Keywords

CVE-2016-5787

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-5787

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures