MEDIUM🇵🇱 Wersja polska

CVE-2016-9360

CVSS 6.7v3.1pub. 2017-02-13upd. 2026-05-13

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L
  • Ge Cimplicity

    APP
    Ge
    ≤ 9.0
  • Ge Historian

    APP
    Ge
    ≤ 6.0
  • Ge Ifix

    APP
    Ge
    ≤ 5.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-15362CRITICAL9.1ten sam produkt

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0

CVE-2023-4487HIGH7.8ten sam produkt

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malici...

CVE-2023-0598HIGH7.8ten sam produkt

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable t...

CVE-2022-3084HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starti...

CVE-2022-3092HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attac...