GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
References
Link | Resource |
---|---|
https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability | Permissions Required |
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2023-09-05T22:55:45.047Z
Updated: 2023-09-05T22:55:45.047Z
Reserved: 2023-08-22T20:32:42.621Z
Link: CVE-2023-4487
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-05T23:15:08.177
Modified: 2023-09-09T03:52:35.157
Link: CVE-2023-4487
JSON object: View
Redhat Information
No data.
CWE