CVE-2023-4487

EPSS 0.03%
Published 05.09.2023 23:15:08
Last modified 21.11.2024 08:35:16
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Ge ≫ Cimplicity Version2023 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability

Permissions Required

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-4487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4487

EUVD