GE Proficy HMI/SCADA Path Traversal
Summary
| CVE | CVE-2014-0750 |
|---|---|
| State | PUBLISHED |
| Assigner | icscert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-01-25 22:55:04 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. |
Risk And Classification
Primary CVSS: v2.0 7.5 from [email protected]
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.375620000 probability, percentile 0.972130000 (date 2026-05-03)
Problem Types: CWE-22 | CWE-22 CWE-22
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 2.0 | [email protected] | Primary | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | |
| 2.0 | [email protected] | Secondary | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | |
| 2.0 | CNA | CVSS | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CVSS v2.0 Breakdown
AV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | All | sim24 | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 4.01 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 7.5 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.0 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.1 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Hmi/scada Cimplicity | 8.2 | All | All | All |
| Application | Ge | Intelligent Platforms Proficy Process Systems With Cimplicity | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | GE | Proficy HMI/SCADA - CIMPLICITY | affected 4.01 8.2 custom | Not specified |
| CNA | GE | Proficy Process Systems With CIMPLICITY | affected all versions | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GE Digital Customer Center | af854a3a-2127-422b-91ae-364da2661108 | support.ge-ip.com | Vendor Advisory |
| www.cisa.gov/news-events/ics-advisories/icsa-14-023-01 | [email protected] | www.cisa.gov | |
| GE Proficy Vulnerabilities | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | US Government Resource |
| Multiple Generel Electric Products 'gefebt.exe' Shell Upload Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: amisto0x07 and Z0mb1E of Zero Day Initiative (ZDI) (en)
Additional Advisory Data
Solutions
CNA: GE has produced an update that mitigates one vulnerability and made configuration changes to mitigate the other. Please reference the following GE Product Security Advisories for specific information on the vulnerabilities. GEIP13-05 To address this vulnerability, all copies of the gefebt.exe files that are accessible from a Web client must be deleted or moved, so they are inaccessible. If the production Web configuration currently relies on gefebt.exe, changes to the server’s Web pages may also be desirable. The GE Product Security Advisory, which provides additional guidance, is available here: http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 GEIP13-06 Download Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24 at: http://support.ge-ip.com/support/index?page=dwchannel&id=DN4128 The GE Product Security Advisory is available here: http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940