module
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
| Disclosed | Created |
|---|---|
| 2014-01-23 | 2018-05-30 |
Disclosed
2014-01-23
Created
2018-05-30
Description
This module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the
CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in
shared resources. An attacker can abuse this behavior to execute a malicious BCL and
drop an arbitrary EXE. The last one can be executed remotely through the WebView server.
This module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded
CimWebServer. This module starts a WebDAV server to provide the malicious BCL files. If
the target does not have the WebClient service enabled, an external SMB service is necessary.
CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in
shared resources. An attacker can abuse this behavior to execute a malicious BCL and
drop an arbitrary EXE. The last one can be executed remotely through the WebView server.
This module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded
CimWebServer. This module starts a WebDAV server to provide the malicious BCL files. If
the target does not have the WebClient service enabled, an external SMB service is necessary.
Authors
amisto0x07
Z0mb1E
juan vazquez juan.vazquez@metasploit.com
Z0mb1E
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.