CVE-2013-2785
Summary
| CVE | CVE-2013-2785 |
|---|---|
| State | PUBLISHED |
| Assigner | icscert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-07-31 13:20:28 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.0 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.1 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.2 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Process Systems With Cimplicity | - | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | US Government Resource |
| GE Digital Customer Center | af854a3a-2127-422b-91ae-364da2661108 | support.ge-ip.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.