User Password Retrieval Vulnerability in GE Proficy HMI/SCADA iFIX, CIMPLICITY, and Historian

User Password Retrieval Vulnerability in GE Proficy HMI/SCADA iFIX, CIMPLICITY, and Historian

CVE-2016-9360 · MEDIUM Severity

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

Learn more about our User Device Pen Test.