CVE-2016-9360
Summary
| CVE | CVE-2016-9360 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-02-13 21:59:00 UTC |
| Updated | 2022-02-03 19:40:00 UTC |
| Description | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. |
Risk And Classification
Problem Types: CWE-522
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ge | Cimplicity | All | All | All | All |
| Application | Ge | Historian | All | All | All | All |
| Application | Ge | Ifix | All | All | All | All |
| Application | General Electric | Cimplicity | All | All | All | All |
| Application | General Electric | Historian | All | All | All | All |
| Application | General Electric | Ifix | All | sim_13 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GE Proficy Password Management Flaw Lets Remote Authenticated Users View User Passwords on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A) | ICS-CERT | MISC | ics-cert.us-cert.gov | Mitigation, Third Party Advisory, US Government Resource |
| Multiple GE Products CVE-2016-9360 Local Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.