QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0751

Published: Jan 25, 2014

Modified: Aug 22, 2025

PUBLISHED

Description

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

Vendor	Product	Versions
GE	Proficy HMI/SCADA - CIMPLICITY	affected `4.01 - < 8.2`
GE	Proficy Process Systems with CIMPLICITY	affected `all versions`

Weaknesses (CWE)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01

http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.