{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Proficy HMI/SCADA–CIMPLICITY", "vendor": "GE", "versions": [ { "lessThanOrEqual": "8.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Said Arfi" } ], "datePublic": "2015-01-13T07:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.

" } ], "value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file." } ], "metrics": [ { "cvssV2_0": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-10-03T17:01:02.978Z" }, "references": [ { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA–CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:

Proficy HMI/SCADA – CIMPLICITY 8.1 SIM 29 (DN4219) available at: http://support.ge-ip.com/support/index?page=dwchannel&id=DN4219

Proficy HMI/SCADA–CIMPLICITY 8.2 SIM 26 (DN4197) available at: http://support.ge-ip.com/support/index?page=dwchannel&id=DN4197

\n\n
" } ], "value": "GE recommends that asset owners apply product updates to Proficy \nHMI/SCADA–CIMPLICITY Versions 8.1 and 8.2. The following product updates\n address the memory access violation vulnerability:\n\nProficy HMI/SCADA – CIMPLICITY 8.1 SIM 29 (DN4219) available at:  http://support.ge-ip.com/support/index?page=dwchannel&id=DN4219 \n\nProficy HMI/SCADA–CIMPLICITY 8.2 SIM 26 (DN4197) available at:  http://support.ge-ip.com/support/index?page=dwchannel&id=DN4197" } ], "source": { "advisory": "ICSA-14-289-02", "discovery": "EXTERNAL" }, "title": "GE Proficy HMI/SCADA CIMPLICITY CimView", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "

In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:

\n\n\n
" } ], "value": "In cases where upgrading is not feasible, GE advises asset owners \nusing CIMPLICITY versions prior to 8.1 to consider using the following \nrecommendations that may mitigate or eliminate the impact of the \nvulnerability:\n\n\n\n * Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM).\n\n * Avoid using .CIM files received from unknown sources.\n\n * Avoid sending unprotected .CIM files over unencrypted networks or public Internet.\n\n * Consider using a strong hashing algorithm to validate integrity of \ncreated .CIM files and ensure they have not been tampered with over \ntime." } ], "x_generator": { "engine": "Vulnogram 0.2.0" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2014-2355", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02" } ] } } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:25.389Z" }, "title": "CVE Program Container", "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02" } ] } ] }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2014-2355", "datePublished": "2015-01-17T02:00:00.000Z", "dateReserved": "2014-03-13T00:00:00.000Z", "dateUpdated": "2025-10-03T17:01:02.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }