GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability

CVSS 5.7 MEDIUM

CVEs (1)

CVE-2016-5787

In response to a recent public disclosure of proof-of-concept exploit code, GE has released a notification to its users of the identified vulnerability in an older version of the Proficy HMI/SCADA–CIMPLICITY application, along with the mitigation. GE’s notification is available at the following location: (https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01)
In August 2014, GE released a new version of Proficy HMI/SCADA–CIMPLICITY, Version 8.2, Sim 27 that mitigated the identified vulnerability, which is available at the following location with a valid account: (https://ge-ip.force.com/communities/en_US/Download/CIMPLICITY-8-2-SIM-27-DN)
GE recommends that users upgrade to Proficy HMI/SCADA–CIMPLICITY, Version 8.2, SIM 27 or later versions. The latest version of CIMPLICITY Version 8.2 SIM 43, is available at the following location, with a valid account: (https://ge-ip.force.com/communities/en_US/Download/CIMPLICITY-8-2-SIM-43)

GE · CIMPLICITY <=8.2_SIM_26

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.