HIGH🇵🇱 Wersja polska

CVE-2023-4487

CVSS 7.8v3.1pub. 2023-09-05upd. 2024-11-21

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Ge Cimplicity

    APP
    Ge
    2023
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2018-15362CRITICAL9.1ten sam produkt

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0

CVE-2022-3092HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attac...

CVE-2022-3084HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starti...

CVE-2022-2002HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow star...

CVE-2022-2948HIGH7.8ten sam produkt

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an att...