CVE-2016-9360

medium

Published 2017-02-13 · Modified 2026-05-13

CVSS v3

6.7

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L

CVSS v2

4.4

VIR risk

6.7

Description

An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session.

Predictions

Exploit likelihood

66%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: ics-cert@hq.dhs.gov — https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A

Application impact

Vendor	Product	Versions
ge	cimplicity	`{"endIncluding":"9.0"}`
ge	historian	`{"endIncluding":"6.0"}`
ge	ifix	`{"endIncluding":"5.8"}`

References

http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A
http://www.securityfocus.com/bid/95630
http://www.securitytracker.com/id/1037809
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A

CWEs

CWE-522

Verify integrity in audit chain (admin only). AS-IS.