Security Experts:

Connect with us

Hi, what are you looking for?



Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems.

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems.

GE Digital’s CIMPLICITY is a highly popular human-machine interface (HMI) and supervisory control and data acquisition (SCADA) product that the company says is used by some of the world’s largest organizations.

OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor’s guidelines for security best practices.Open source security tool for GE CIMPLICITY

The tool is a PowerShell script and it has been tested on systems running Windows 7, 10, Server 2008 R2, Server 2012 R2 and Server 2016. It’s designed to collect data from the Windows registry, Windows Management Instrumentation (WMI), security policies, Netstat, DirList, and the Net and Netsh commands.

The CYMPLICITY hardening tool checks the system to ensure that passwords need to be long and complex and are not stored in clear text, that accounts are protected against brute-force attacks, that users who don’t need them don’t have elevated privileges, that unnecessary ports are not open, that shared resources are protected, that only admins have debugging privileges, that communications are encrypted, that CIMPLICITY files are not exposed, and that RDP does not expose the system to remote attacks.

“The new tool designed by OTORIO is simple to use and requires no cyber expertise. Cybersecurity experts are seldom present on the production floor. Therefore, we designed the tool with the system integrators who install these systems and OT security personnel within the plants as its primary users. The tool is as simple as a ‘double click’ of a PowerShell script, making it easy to run even for non-technical personnel,” said Yuval Ardon, one of the OTORIO researchers involved in the development of the tool.

Learn more about ICS security tools at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

This is the second open source ICS security tool released by OTORIO. In December, the company announced the availability of a tool designed to help organizations harden Siemens SIMATIC PCS 7 distributed control systems (DCS).

When it released the tool for the Siemens DCS, OTORIO told SecurityWeek that, when trying to secure an environment, it’s more cost effective to start with server configurations.

It’s worth pointing out that both the Siemens and GE tools inform customers about identified issues, but are not designed to automatically address them.

Related: Vulnerabilities Found in GE Healthcare Patient Monitoring Products

Related: Over 100 GE Healthcare Devices Affected by Critical Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Siemens and Schneider Electric address nearly 100 vulnerabilities across several of their products with their February 2023 Patch Tuesday advisories.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).