10 matches found
CVE-2023-1552
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2023-1552
Summary: CVE-2023-1552 concerns GE Gas Power ToolBoxST before 7.10, with a deserialization vulnerability that lets an attacker execute code in a Toolbox user’s context by deserializing an untrusted configuration file. Affected software: ToolboxST versions prior to 7.10 (ToolboxST is a control-sys...
CVE-2023-1552 ToolboxST Deserialization of Untrusted Configuration Data
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...
CVE-2022-37953
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...
CVE-2022-37952
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
Design/Logic Flaw
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
CVE-2022-37952 WorkstationST - Reflected XSS in iHistorian Data Display Tags
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than i...
CVE-2022-37952
General Electric WorkstationST is affected by a reflected XSS in the iHistorian Data Display, specifically in WorkstationST versions prior to 07.09.15. The issue impacts the iHistorian Data Display component and can allow an attacker to compromise a victim’s browser. WorkstationST v07.09.15 is re...
CVE-2022-37953 WorkstationST - Response Splitting in AM Gateway Challenge-Response
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST v07.09.15 and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantl...