Vulnerability Details CVE-2023-4487
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.2%
CVSS Severity
CVSS v3 Score 7.8
References
- https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02
- https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02
Products affected by CVE-2023-4487
-
cpe:2.3:a:ge:cimplicity:2023