CVE-2014-0750

GE Proficy HMI/SCADA Path Traversal

Description

Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.

Remediation

Solution:

  • GE has produced an update that mitigates one vulnerability and made configuration changes to mitigate the other. Please reference the following GE Product Security Advisories for specific information on the vulnerabilities. GEIP13-05 To address this vulnerability, all copies of the gefebt.exe files that are accessible from a Web client must be deleted or moved, so they are inaccessible. If the production Web configuration currently relies on gefebt.exe, changes to the server’s Web pages may also be desirable. The GE Product Security Advisory, which provides additional guidance, is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 GEIP13-06 Download Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24 at:  http://support.ge-ip.com/support/index?page=dwchannel&id=DN4128 The GE Product Security Advisory is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940

Category

7.5
CVSS
Severity: High
CVSS 2.0 •
EPSS 34.74% Top 5%
Vendor Advisory ge-ip.com
Affected: GE Proficy HMI/SCADA - CIMPLICITY
Affected: GE Proficy Process Systems with CIMPLICITY
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01
http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 vendor advisory
http://www.securityfocus.com/bid/65124 vdb entry
http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 us government resource

Frequently Asked Questions

What is the severity of CVE-2014-0750?
CVE-2014-0750 has been scored as a high severity vulnerability.
How to fix CVE-2014-0750?
To fix CVE-2014-0750: GE has produced an update that mitigates one vulnerability and made configuration changes to mitigate the other. Please reference the following GE Product Security Advisories for specific information on the vulnerabilities. GEIP13-05 To address this vulnerability, all copies of the gefebt.exe files that are accessible from a Web client must be deleted or moved, so they are inaccessible. If the production Web configuration currently relies on gefebt.exe, changes to the server’s Web pages may also be desirable. The GE Product Security Advisory, which provides additional guidance, is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15939 GEIP13-06 Download Proficy HMI/SCADA - CIMPLICITY 8.2 SIM 24 at:  http://support.ge-ip.com/support/index?page=dwchannel&id=DN4128 The GE Product Security Advisory is available here:  http://support.ge-ip.com/support/index?page=kbchannel&id=KB15940
Is CVE-2014-0750 being actively exploited in the wild?
It is possible that CVE-2014-0750 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~35% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2014-0750?
CVE-2014-0750 affects GE Proficy HMI/SCADA - CIMPLICITY, GE Proficy Process Systems with CIMPLICITY.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.