ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext

Vulnerability

GE Proficy CIMPLICITY, an HMI and SCADA platform, transmits credentials in cleartext across the network (CWE-319). This affects all versions of the product [1]. No authentication or prerequisite configuration is required to observe the traffic; the vulnerability exists in the core network protocol [1].

Exploitation

An attacker with network access to a CIMPLICITY network segment can passively capture the cleartext credentials by sniffing traffic. The attack complexity is high because the attacker must be on the same layer-2 domain or have administrative access to network infrastructure [1]. No user interaction is required; the attacker simply listens for authentication sessions [1]. Once credentials are captured, they can be replayed to authenticate to the system [1].

Impact

Successful exploitation leads to disclosure of sensitive credentials, and the attacker can then log in to the system with the captured credentials. This allows the attacker to make operational changes to the system, potentially impacting availability, integrity, and confidentiality [1]. The CVSS vector indicates high impact to confidentiality, integrity, and availability [1].

Mitigation

No fixed version is available; all versions are affected. Users should refer to the Secure Deployment Guide to configure communication encryption, and review the CIMPLICITY Windows Hardening Guide for IPSEC configuration guidance [1]. Additionally, network exposure should be minimized by placing control system networks behind firewalls and isolating them from business networks [1]. The vulnerability is not listed on CISA’s Known Exploited Vulnerabilities catalog as of the advisory date [1].