CVE-2016-5787

Опубликовано: 15 июл. 2016

Источник: nvd

CVSS3: 6.3

CVSS2: 4.6

EPSS Низкий

Описание

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/91727
Broken Link
Third Party Advisory
VDB Entry
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
Permissions Required
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/91727
Broken Link
Third Party Advisory
VDB Entry
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
Permissions Required
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*

Версия до 8.2 (исключая)

cpe:2.3:a:ge:cimplicity:8.2:sim1:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim10:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim11:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim12:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim13:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim14:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim15:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim16:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim17:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim18:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim19:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim2:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim20:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim21:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim22:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim23:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim24:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim25:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim26:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim3:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim4:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim5:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim6:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim7:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim8:*:*:*:*:*:*

cpe:2.3:a:ge:cimplicity:8.2:sim9:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00093

Низкий

6.3 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-668

Связанные уязвимости

GHSA-76q4-6gm8-m28c