CVE-2016-5787
moderate-risk
Published 2016-07-15
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
Do I need to act?
-
0.18% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Cimplicity
Affected Vendors
References (6)
Broken Link
http://www.securityfocus.com/bid/91727
Permissions Required
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-G...
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
Broken Link
http://www.securityfocus.com/bid/91727
Permissions Required
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-G...
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
43
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
22/34 · High