Security Experts:

Connect with us

Hi, what are you looking for?



Open Source Tool Helps Organizations Secure GE CIMPLICITY HMI/SCADA Systems

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems.

Industrial cybersecurity firm OTORIO this week announced the availability of a new open source tool designed to help organizations secure their GE CIMPLICITY systems.

GE Digital’s CIMPLICITY is a highly popular human-machine interface (HMI) and supervisory control and data acquisition (SCADA) product that the company says is used by some of the world’s largest organizations.

OTORIO has worked with GE Digital to develop a free and open source tool that can be used to harden CIMPLICITY systems by ensuring that they are configured in accordance with the vendor’s guidelines for security best practices.Open source security tool for GE CIMPLICITY

The tool is a PowerShell script and it has been tested on systems running Windows 7, 10, Server 2008 R2, Server 2012 R2 and Server 2016. It’s designed to collect data from the Windows registry, Windows Management Instrumentation (WMI), security policies, Netstat, DirList, and the Net and Netsh commands.

The CYMPLICITY hardening tool checks the system to ensure that passwords need to be long and complex and are not stored in clear text, that accounts are protected against brute-force attacks, that users who don’t need them don’t have elevated privileges, that unnecessary ports are not open, that shared resources are protected, that only admins have debugging privileges, that communications are encrypted, that CIMPLICITY files are not exposed, and that RDP does not expose the system to remote attacks.

“The new tool designed by OTORIO is simple to use and requires no cyber expertise. Cybersecurity experts are seldom present on the production floor. Therefore, we designed the tool with the system integrators who install these systems and OT security personnel within the plants as its primary users. The tool is as simple as a ‘double click’ of a PowerShell script, making it easy to run even for non-technical personnel,” said Yuval Ardon, one of the OTORIO researchers involved in the development of the tool.

Learn more about ICS security tools at SecurityWeek’s ICS Cyber Security Conference and SecurityWeek’s Security Summits virtual event series

This is the second open source ICS security tool released by OTORIO. In December, the company announced the availability of a tool designed to help organizations harden Siemens SIMATIC PCS 7 distributed control systems (DCS).

When it released the tool for the Siemens DCS, OTORIO told SecurityWeek that, when trying to secure an environment, it’s more cost effective to start with server configurations.

It’s worth pointing out that both the Siemens and GE tools inform customers about identified issues, but are not designed to automatically address them.

Related: Vulnerabilities Found in GE Healthcare Patient Monitoring Products

Related: Over 100 GE Healthcare Devices Affected by Critical Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.


A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.


Organizations using controllers made by Rockwell Automation have been informed recently about several potentially serious vulnerabilities.


Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot...