casassets.blogg.se

Ge ifix scada
Ge ifix scada







GE Digital recommends users immediately upgrade all instances of the affected software to GE Digital’s iFIX product v6.5.

ge ifix scada

Sharon Brizinov of Claroty also reported these vulnerabilities separately to GE. William Knowles of Applied Risk reported these vulnerabilities to CISA.

  • COMPANY HEADQUARTERS LOCATION: United States.
  • CRITICAL INFRASTRUCTURE SECTORS: Multiple.
  • ge ifix scada

    A CVSS v3 base score of 6.1 has been calculated the CVSS vector string is ( AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N). This may allow privilege escalation.ĬVE-2019-18255 has been assigned to this vulnerability. The affected product allows a local authenticated user to modify system-wide iFIX configurations through section objects. 3.2.2 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 This may allow privilege escalation.ĬVE-2019-18243 has been assigned to this vulnerability. The affected product allows a local authenticated user to modify system-wide iFIX configurations through the registry.

    ge ifix scada

    TECHNICAL DETAILS 3.1 AFFECTED PRODUCTSģ.2 VULNERABILITY OVERVIEW 3.2.1 INCORRECT PERMISSION ASSIGNMENT FOR CRITICAL RESOURCE CWE-732 Successful exploitation of these vulnerabilities could allow an attacker to escalate their privileges.

  • Vulnerabilities: Incorrect Permission Assignment for Critical Resource.








  • Ge ifix scada