{"api_version":"1","generated_at":"2026-04-23T05:57:10+00:00","cve":"CVE-2016-9360","urls":{"html":"https://cve.report/CVE-2016-9360","api":"https://cve.report/api/cve/CVE-2016-9360.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-9360","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-9360"},"summary":{"title":"CVE-2016-9360","description":"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2017-02-13 21:59:00","updated_at":"2022-02-03 19:40:00"},"problem_types":["CWE-522"],"metrics":[],"references":[{"url":"http://www.securitytracker.com/id/1037809","name":"1037809","refsource":"SECTRACK","tags":[],"title":"GE Proficy Password Management Flaw Lets Remote Authenticated Users View User Passwords on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A","name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A","refsource":"MISC","tags":["Mitigation","Third Party Advisory","US Government Resource"],"title":"GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian Vulnerability (Update A) | ICS-CERT","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/95630","name":"95630","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GE Products CVE-2016-9360 Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-9360","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9360","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"cimplicity","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"historian","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"5.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"ifix","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"general_electric","cpe5":"cimplicity","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"general_electric","cpe5":"historian","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"9360","vulnerable":"1","versionEndIncluding":"5.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"general_electric","cpe5":"ifix","cpe6":"*","cpe7":"sim_13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2016-9360","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian","version":{"version_data":[{"version_value":"GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"GE Proficy HMI/SCADA iFIX, Proficy HMI/SCADA CIMPLICITY, and Proficy Historian retrieve user passwords"}]}]},"references":{"reference_data":[{"name":"1037809","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1037809"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A"},{"name":"95630","refsource":"BID","url":"http://www.securityfocus.com/bid/95630"}]}},"nvd":{"publishedDate":"2017-02-13 21:59:00","lastModifiedDate":"2022-02-03 19:40:00","problem_types":["CWE-522"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.3},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*","versionEndIncluding":"5.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"9360","Ordinal":"96040","Title":"CVE-2016-9360","CVE":"CVE-2016-9360","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"9360","Ordinal":"1","NoteData":"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"9360","Ordinal":"2","NoteData":"2017-02-13","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"9360","Ordinal":"3","NoteData":"2017-07-24","Type":"Other","Title":"Modified"}]}}}