CVE-2016-5787

medium

Published 2016-07-15 · Modified 2026-05-06

CVSS v3

6.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CVSS v2

4.6

VIR risk

6.3

Description

General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.

Predictions

Exploit likelihood

63%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01

Application impact

Vendor	Product	Versions	Fixed
ge	cimplicity	`{"endExcluding":"8.2"}`	`8.2`
ge	cimplicity	`8.2`

References

http://www.securityfocus.com/bid/91727
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02
http://www.securityfocus.com/bid/91727
https://ge-ip.force.com/communities/en_US/Article/GE-Digital-Security-Advisory-GED-16-01
https://ics-cert.us-cert.gov/advisories/ICSA-16-194-02

CWEs

CWE-668

Verify integrity in audit chain (admin only). AS-IS.