|
|
|
|
| |
CIMPLICITY is "a powerful and technically advanced HMI/SCADA product. With its open system design approach, true client/server architecture, and the latest web technologies, CIMPLICITY allows you to realize the benefits of digitization for the collection, monitoring, supervisory control and sharing of critical process and production data throughout your operations CIMPLICITY has been used in all industries -- from process to discrete, to system monitoring. It is extremely well suited for discrete applications, and handles very large amounts of digital signals and alarm bursts. Its advanced Client/Sever architecture makes it easy to start small and expand your system".
A remote exploitable heap overflow in the GE Fanuc Cimplicity product allows remote attackers to cause the product to execute arbitrary code. |
| |
Credit:
The information has been provided by Eyal Udassin.
|
| |
Vulnerable Systems:
* Cimplicity HMI version 6.1
* Cimplicity HMI version 6.1 SP5
* Cimplicity HMI version 6.1 SP6
A heap overflow exists in a mandatory component in Cimplicity, which can be triggered remotely without authentication. The vulnerability was exploited and can be used for arbitrary code execution by an unauthorized attacker.
CVE Information:
CVE-2008-0176
|
|
|
|
|
|
|
|
|
|
