Executive Summary

Title: GE Fanuc CIMPLICITY HMI heap buffer overflow
Name: VU#308556
First vendor publication: 2008-01-25
Vendor: VU-CERT
Last vendor modification: 2008-01-25
Severity (vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10
Attack range: Network
CVSS impact score: 10
Attack complexity: Low
CVSS exploit score: 10
Authentication: None required


Vulnerability Note VU#308556

GE Fanuc CIMPLICITY HMI heap buffer overflow


GE Fanuc CIMPLICITY HMI contains a remotely accessible heap buffer overflow vulnerability which may allow a remote attacker to execute arbitrary code.

I. Description

GE Fanuc CIMPLICITY HMI is software used for monitoring and control in Supervisory Control And Data Acquisition (SCADA) systems. A heap buffer overflow vulnerability exists in a CIMPLICITY process (w32rtr.exe) that listens on the network (32000/tcp). The vulnerable process exists in both servers and clients. An attacker could exploit this vulnerability by sending a specially crafted packet to a vulnerable CIMPLICITY system.

Note that this vulnerability affects GE Fanuc CIMPLICITY HMI versions up to and including version 7.0.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial of service.

III. Solution

Apply Patch

This vulnerability is addressed in CIMPLICITY 6.1 SP6 Hot fix - 010708_162517_6106 and CIMPLICITY 7.0 SIM 9. CIMPLICITY customers should refer to GE Fanuc knowledge base article KB2458 for more information.


Users of affected software with versions older than 6.1 are encouraged to upgrade to 6.1 or greater and then apply the patches described above. CIMPLICITY customers should refer to GE Fanuc knowledge base article KB12458 for more information.

Restrict Access

Restrict network access to hosts that require connections to CIMPLICITY. Do not allow access to CIMPLICITY from untrusted networks such as the internet.
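The "Restrict Access" advice above can also be monitored rather than only enforced: the following added example (not part of the CERT note or of the CIMPLICITY product) scans constructed firewall-log lines for TCP connections to the w32rtr.exe port, 32000/tcp, whose source is not on an approved peer list. The log format, the approved ranges and the sample addresses are all assumptions made for the example.

```python
import ipaddress
import re

# Assumed (constructed) firewall-log format:
# "<timestamp> <ALLOW|DENY> proto=<tcp|udp> src=<ip> dst=<ip> dport=<port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)$"
)

CIMPLICITY_PORT = 32000  # the w32rtr.exe listener named in the advisory

# Hosts that legitimately need to reach CIMPLICITY (placeholder ranges, not from the advisory)
APPROVED_PEERS = [ipaddress.ip_network(n) for n in ("10.10.1.0/24", "10.10.2.5/32")]


def parse_line(line):
    """Parse one line in the constructed format; return a dict or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_approved(src):
    """True if the source address falls inside one of the approved peer networks."""
    return any(ipaddress.ip_address(src) in net for net in APPROVED_PEERS)


def find_unapproved_cimplicity_access(lines):
    """Return (src, dst, action) for every TCP connection to the CIMPLICITY port from an
    unapproved source. ALLOW entries are the real findings: they show a gap in the
    access restriction; DENY entries show the restriction working but are still noteworthy."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"].lower() != "tcp" or rec["dport"] != CIMPLICITY_PORT:
            continue
        if not is_approved(rec["src"]):
            findings.append((rec["src"], rec["dst"], rec["action"]))
    return findings


# Constructed sample log lines (documentation-range addresses)
SAMPLE_LOG = [
    "2008-01-25T10:00:01 ALLOW proto=tcp src=10.10.1.20 dst=10.10.1.100 dport=32000",
    "2008-01-25T10:00:07 ALLOW proto=tcp src=192.0.2.44 dst=10.10.1.100 dport=32000",
    "2008-01-25T10:00:09 DENY proto=tcp src=198.51.100.9 dst=10.10.1.100 dport=32000",
    "2008-01-25T10:00:12 ALLOW proto=udp src=192.0.2.44 dst=10.10.1.100 dport=32000",
    "2008-01-25T10:00:15 ALLOW proto=tcp src=10.10.2.5 dst=10.10.1.100 dport=445",
]

if __name__ == "__main__":
    for src, dst, action in find_unapproved_cimplicity_access(SAMPLE_LOG):
        print(f"{action}: {src} -> {dst}:{CIMPLICITY_PORT}/tcp from unapproved host")
```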

Systems Affected

Vendor: GE Fanuc
Status: Vulnerable
Date updated: 24-Jan-2008

This vulnerability was reported by Eyal Udassin of C4 Security.

This document was written by Chris Taschner.

Other Information

Date public: 01/24/2008
Date first published: 01/25/2008 03:30:28 PM
Date last updated: 01/25/2008
CERT Advisory:
CVE name: CVE-2008-0176
US-CERT Technical Alerts:
Document revision: 32

Original Source

Url : http://www.kb.cert.org/vuls/id/308556

CWE : Common Weakness Enumeration

CWE-119 (100%): Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

OSVDB 40745: CIMPLICITY w32rtr.exe Crafted IP Packet Overflow

A remote overflow exists in CIMPLICITY. CIMPLICITY fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, an attacker can cause remote code execution, resulting in a loss of confidentiality and/or integrity.