GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HGe Cimplicity
APPGe≤ 2022
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEContainer
CWE
Powiązane podatności
CVE-2018-15362CRITICAL9.1ten sam produkt
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
CVE-2023-4487HIGH7.8ten sam produkt
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malici...
CVE-2022-3084HIGH7.8ten sam produkt
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starti...
CVE-2022-3092HIGH7.8ten sam produkt
GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attac...
CVE-2022-2952HIGH7.8ten sam produkt
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow star...