5.3 2017-01-31T12:34:45 GE Proficy HMI SCADA CIMPLICITY WebView buffer overflows - CVE-2013-2785 (GEIP13-03) Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. HKEY_LOCAL_MACHINE DisplayVersion HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{D33BB924-C487-4065-8B5A-DD9C900000\d{2}\}$ DisplayVersion HKEY_LOCAL_MACHINE DisplayVersion oval:com.kaspersky.ics-cert:obj:1 oval:com.kaspersky.ics-cert:obj:6 HKEY_LOCAL_MACHINE ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\{D33BB924-C487-4065-8B5A-DD9C900000\d{2}\}$ DisplayVersion oval:com.kaspersky.ics-cert:obj:2 oval:com.kaspersky.ics-cert:obj:8 HKEY_LOCAL_MACHINE InstallLocation HKEY_LOCAL_MACHINE InstallLocation oval:com.kaspersky.ics-cert:obj:39 oval:com.kaspersky.ics-cert:obj:40 oval:com.kaspersky.ics-cert:obj:48 oval:com.kaspersky.ics-cert:obj:49 ^StartWebServer\s*=\s*(\d)$ 1 HKEY_LOCAL_MACHINE SYSTEM\CurrentControlSet\services\WEBVIEW Start HKEY_LOCAL_MACHINE DisplayVersion HKEY_LOCAL_MACHINE DisplayVersion oval:com.kaspersky.ics-cert:obj:45 oval:com.kaspersky.ics-cert:obj:46 HKEY_LOCAL_MACHINE InstallLocation HKEY_LOCAL_MACHINE InstallLocation 8.10.18236 8.20.20313 4.01.743 0 reg_dword 2 8.00.16240 8.00.17126 8.10.18639 8.20.20474 8.00.16240 ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{((4AF366C7-81ED-420E-9B1E-6CBF8F96E722)|(C596BAFB-9F7B-4042-B765-660902CD2F05))}$ \data\globals.ini ^SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{((FE991EB0-7520-428A-930E-1C22C00E813A)|(6FA87207-DCF3-4DF5-8B5C-698736CC39CF))}$