ICSA-14-289-02
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
GE Proficy HMI/SCADA CIMPLICITY CimView Memory Access Violation
CVSS 6.6
MEDIUM
CVEs (1)
Remediations
- GE recommends that asset owners apply product updates to Proficy HMI/SCADA–CIMPLICITY Versions 8.1 and 8.2. The following product updates address the memory access violation vulnerability: Proficy HMI/SCADA – CIMPLICITY 8.1 SIM 29 (DN4219) available at: (http://support.ge-ip.com/support/index?page=dwchannel&id=DN4219)
- Proficy HMI/SCADA–CIMPLICITY 8.2 SIM 26 (DN4197) available at: (http://support.ge-ip.com/support/index?page=dwchannel&id=DN4197)
- In cases where upgrading is not feasible, GE advises asset owners using CIMPLICITY versions prior to 8.1 to consider using the following recommendations that may mitigate or eliminate the impact of the vulnerability: Take steps to properly secure and protect stored CIMPLICITY screen files (.CIM). Avoid using .CIM files received from unknown sources. Avoid sending unprotected .CIM files over unencrypted networks or public Internet. Consider using a strong hashing algorithm to validate integrity of created .CIM files and ensure they have not been tampered with over time.
Affected Vendors
GE
Affected Products (1)
GE
·
Proficy HMI/SCADA–CIMPLICITY
<=8.2
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more