GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY ​CVSS v3 7.8 ​ATTENTION: Low attack complexity ​Vendor: GE Digital ​Equipment: CIMPLICITY ​Vulnerability: Process Control 2. RISK EVALUATION ​Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges to SYSTEM. 3...

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in its ability to write malicious code into memory beyond the buffer limits. This allows attackers to execute arbitrary code by loading a malicious file.

The vulnerability of the client-server data processing and technical operations control application Proficy HMI/SCADA CIMPLICITY lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious...

CVE-2023-3463

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

Heap overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

CVE-2023-3463

Ge Digital CIMPLICITY is affected by a heap-based buffer overflow due to memory corruption from insufficient input validation. All CIMPLICITY versions are implicated when documents from untrusted sources are accepted, allowing issues such as out-of-bounds reads/writes, use-after-free, and buffer ...

CVE-2023-3463 GE Digital CIMPLICITY Heap-based Buffer Overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

CVE-2023-3463 GE Digital CIMPLICITY Heap-based Buffer Overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

GE CIMPLICITY 缓冲区错误漏洞

GE CIMPLICITY is a client/server based HMI/SCADA solution from General Electric GE. The solution captures and shares real-time and historical data across all levels of the enterprise, enabling operational visualization of process, equipment, and resource monitoring. A security vulnerability exist...

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven Industrial Control Systems ICS advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02...

GE Digital CIMPLICITY

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low attack complexity Vendor: GE Digital Equipment: CIMPLICITY Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption issues resulting in unwanted...

PT-2023-4364 · Ge Digital · Ge Digital Cimplicity

Name of the Vulnerable Software and Affected Versions: GE Digital CIMPLICITY versions affected versions not specified Description: The issue is related to memory corruption due to insufficient input validation, including out-of-bounds reads and writes, use-after-free, stack-based buffer overflows...

CVE-2022-3092

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code...

CVE-2022-3084

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code...

CVE-2022-2952

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code...

CVE-2022-2002

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code...

CVE-2022-2948

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code...

CVE-2022-3092 GE CIMPLICITY Out-of-bounds Write

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code...

CVE-2022-3092 GE CIMPLICITY Out-of-bounds Write

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code...

CVE-2022-3084 GE CIMPLICITY Access of Uninitialized Pointer

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code...

CVE-2022-3084 GE CIMPLICITY Access of Uninitialized Pointer

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code...