CVE-2016-9360

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

CVSS v3.0 6.7 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.7^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.3

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A	Mitigation Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/95630	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037809	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ge:cimplicity::::::::
	cpe:2.3:a:ge:historian::::::::
	cpe:2.3:a:ge:ifix::::::::

Information

Published : 2017-02-13 13:59

Updated : 2022-02-03 11:40

NVD link : CVE-2016-9360

Mitre link : CVE-2016-9360

JSON object : View

CWE

CWE-522

Insufficiently Protected Credentials

Advertisement

Products Affected

ge

ifix
historian
cimplicity

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/95630", "name": "95630", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1037809", "name": "1037809", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-522"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-9360", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 0.8}}, "publishedDate": "2017-02-13T21:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.0"}, {"cpe23Uri": "cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0"}, {"cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "5.8"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-03T19:40Z"}