fkie_nvd - fkie_cve-2016-5787

fkie_cve-2016-5787

Vulnerability from fkie_nvd

Published

2016-07-15 16:59

Modified

2025-04-12 10:46

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Summary

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/91727	Broken Link, Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01	Permissions Required, Vendor Advisory
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91727	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
ge	cimplicity	*
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2
ge	cimplicity	8.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D612AFA-8D00-4BD8-805F-CF0F081CE58C",
              "versionEndExcluding": "8.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim1:*:*:*:*:*:*",
              "matchCriteriaId": "35CA3DDA-4A19-4387-B8C5-675985E5039E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim10:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED995F-8528-42EC-BFD3-E0A042565AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim11:*:*:*:*:*:*",
              "matchCriteriaId": "9BDA2D7C-B50E-44AB-AF5C-56208C1E54AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim12:*:*:*:*:*:*",
              "matchCriteriaId": "1B2A334B-2DFA-486D-B6D9-ABCCD0247FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim13:*:*:*:*:*:*",
              "matchCriteriaId": "E7A22369-313E-4088-9514-B01368F764C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim14:*:*:*:*:*:*",
              "matchCriteriaId": "5CFD955C-4298-446C-9286-7B0D84509191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim15:*:*:*:*:*:*",
              "matchCriteriaId": "68551205-68AF-4757-90CC-15161BC7384E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim16:*:*:*:*:*:*",
              "matchCriteriaId": "94FD0998-A644-445F-9DA7-A857A981CC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim17:*:*:*:*:*:*",
              "matchCriteriaId": "D96AC352-07AE-41A5-9805-080DF9DD4B2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim18:*:*:*:*:*:*",
              "matchCriteriaId": "419CD7DE-CCA1-4547-8339-748B840489F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim19:*:*:*:*:*:*",
              "matchCriteriaId": "FC1E1F21-9BC7-4ACA-91ED-4D4AECF1672F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim2:*:*:*:*:*:*",
              "matchCriteriaId": "BDB6AC3A-82C8-4C49-8B54-CF6684529CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim20:*:*:*:*:*:*",
              "matchCriteriaId": "D4D0541D-E2E1-406F-AF2B-B482C07FD55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim21:*:*:*:*:*:*",
              "matchCriteriaId": "5A652C12-24BB-4CF6-9C28-35FE350CF403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim22:*:*:*:*:*:*",
              "matchCriteriaId": "A6B4ED3A-56E1-439D-8573-16CF442B45FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim23:*:*:*:*:*:*",
              "matchCriteriaId": "FD9B715D-48C1-4F44-8EE4-C10828B1EE8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim24:*:*:*:*:*:*",
              "matchCriteriaId": "F33C2217-650A-4969-9006-471D869D63AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim25:*:*:*:*:*:*",
              "matchCriteriaId": "8331490A-A63D-4903-9CD6-D687EA1F6DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim26:*:*:*:*:*:*",
              "matchCriteriaId": "BD71870C-1213-4369-804A-5E67C79C5B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim3:*:*:*:*:*:*",
              "matchCriteriaId": "75F41815-D16F-4C29-B1DF-E5F956FD464F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim4:*:*:*:*:*:*",
              "matchCriteriaId": "6BF44E77-00D5-471C-A4AF-E7A905BA299E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim5:*:*:*:*:*:*",
              "matchCriteriaId": "0995915D-025A-46E6-8E2F-237E33369E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim6:*:*:*:*:*:*",
              "matchCriteriaId": "ABBDCBBB-AD6A-4752-9C07-22C4B6494057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim7:*:*:*:*:*:*",
              "matchCriteriaId": "A0D0F15D-849A-4344-8725-7996CA9DACA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim8:*:*:*:*:*:*",
              "matchCriteriaId": "79494C7A-F9E9-4DBB-A44B-5897948338DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ge:cimplicity:8.2:sim9:*:*:*:*:*:*",
              "matchCriteriaId": "2977EC39-E34B-4A07-98B9-A1F1909332FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY en versiones anteriores a 8.2 SIM 27 no maneja adecuadamente el servicio DACLs, lo que permite a usuarios locales modificar una configuraci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2016-5787",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-15T16:59:11.423",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91727"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2016-5787 (GCVE-0-2016-5787)

Vulnerability from cvelistv5

Published

2016-07-15 16:00