CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0598

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.2%

CVSS Severity

CVSS v3 Score 7.8

References

https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03
https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US
https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03

Products affected by CVE-2023-0598

Ge » Ifix » Version: 2022

cpe:2.3:a:ge:ifix:2022
Ge » Ifix » Version: 6.1

cpe:2.3:a:ge:ifix:6.1
Ge » Ifix » Version: 6.5

cpe:2.3:a:ge:ifix:6.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0598

Products

Pricing

Contact Us