CVE-2014-0751

CVE-2014-0751: GE Proficy HMI/SCADA Path Traversal

Vendor Ge
Product Proficy HMI/SCADA - CIMPLICITY
Weakness CWE-22 · Path traversal
Published January 25, 2014
Last update August 22, 2025

CVSS base score

What the vulnerability does

01Description

The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code.

Key dates

02Disclosure timeline

January 25, 2014 CVE published
August 22, 2025 Record updated