|2017-10-05||Other||GE||David Atch of CyberX reported the vulnerability to ICS-CERT.
# GE CIMPLICITY (Update A)
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
### AFFECTED PRODUCTS
The following versions of CIMPLICITY, an HMI/SCADA management platform, are affected:
CIMPLICITY Versions 9.0 and prior.
--------- Begin Update A Part 1 of 3 --------
From CIMPLICITY 6.1 forward, users have been advised that S90 drivers were no longer supported and an alternate tool was provided. CIMPLICITY 9.5 removed the drivers from the product.
--------- End Update A Part 1 of 3 ----------
Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow arbitrary remote code execution.
### VULNERABILITY OVERVIEW
STACK-BASED BUFFER OVERFLOW CWE-121
A function reads a packet that indicates the length of the next packet.
The next packet length is not verified, allowing a buffer overwrite that could lead to arbitrary remote code execution.
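The missing check, shown as an added example that is not GE's code or part of the original advisory: a receiver validates the sender-announced length against both its fixed stack buffer and the bytes actually received before copying. The 2-byte big-endian length header, the 256-byte buffer and all function names are assumptions made for illustration; the advisory does not describe the real framing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 256 /* assumed size of the receiver's stack buffer */
enum frame_status { FRAME_OK = 0, FRAME_TRUNCATED = -1, FRAME_TOO_LONG = -2 };

/* Constructed sample frames (hypothetical framing: 2-byte big-endian length, then payload). */
static const uint8_t ok_frame[]    = { 0x00, 0x03, 'a', 'b', 'c' };
static const uint8_t long_frame[]  = { 0x01, 0x01, 'x' };      /* announces 257 bytes */
static const uint8_t short_frame[] = { 0x00, 0x05, 'a', 'b' }; /* announces 5, carries 2 */

/* Copies the announced payload from `in` into `out` (capacity out_cap).
 * Returns FRAME_OK and sets *payload_len, or a negative status without copying. */
int read_frame(const uint8_t *in, size_t in_len,
               uint8_t *out, size_t out_cap, size_t *payload_len)
{
    if (in_len < 2)
        return FRAME_TRUNCATED;
    size_t announced = ((size_t)in[0] << 8) | in[1];
    /* The announced length is untrusted input: bound it by the destination size. */
    if (announced > out_cap)
        return FRAME_TOO_LONG;
    /* Also reject a length that claims more bytes than were received. */
    if (announced > in_len - 2)
        return FRAME_TRUNCATED;
    memcpy(out, in + 2, announced);
    *payload_len = announced;
    return FRAME_OK;
}

/* Caller with a fixed-size stack buffer, the situation CWE-121 concerns. */
int handle_packet(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t payload[MAX_PAYLOAD];
    size_t n = 0;
    int rc = read_frame(pkt, pkt_len, payload, sizeof payload, &n);
    if (rc != FRAME_OK)
        return rc; /* drop the frame instead of writing past the buffer */
    return (int)n; /* number of payload bytes accepted */
}

int main(void)
{
    int ok = handle_packet(ok_frame, sizeof ok_frame) == 3
          && handle_packet(long_frame, sizeof long_frame) == FRAME_TOO_LONG
          && handle_packet(short_frame, sizeof short_frame) == FRAME_TRUNCATED;
    return ok ? 0 : 1;
}
```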
--------- Begin Update A Part 3 of 3 --------
CVE-2017-12732 has been assigned to this vulnerability.
A CVSS v3 base score of 6.8 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).
--------- End Update A Part 3 of 3 --------
Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Dams, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Boston, Massachusetts
--------- Begin Update A Part 2 of 3 --------
GE has released CIMPLICITY software Version 9.5 and they recommend that users update to that version or the latest version. The Series 90 TCP/IP communications support has been deprecated and users are encouraged to use the "convert to triplex" application tool, which has been available since CIMPLICITY Version 6.1, to obtain communication support if needed. Documentation and information on procedures, as well as the upgrade to Version 9.5, can be located at the following location (login required):
--------- End Update A Part 2 of 3 --------