Arbitrary file deletion

2019-05-0915:29:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.

CPENameOperatorVersion
ge_communicatorlt4.0.517

CPE	Name	Operator	Version
	ge_communicator	lt	4.0.517

References

ics-cert.us-cert.gov/advisories/ICSA-19-122-02