5 matches found
CVE-2022-3084
GE CIMPLICITY is affected (versions 2022 and prior) by CVE-2022-3084 due to an uninitialized pointer condition where data from a faulting address can control code flow, starting at gmmiObj!CGmmiRootOptionTable, enabling arbitrary code execution. The issue is documented across multiple sources (NV...
CVE-2022-2002
CVE-2022-2002 affects GE CIMPLICITY (versions 2022 and prior). The issue is an untrusted pointer dereference in gmmiObj!CGmmiOptionContainer that could allow arbitrary code execution. The CVSS v3.1 base score is 7.8 (HIGH), with LOCAL attack vector and user interaction required. Public exploitati...
CVE-2022-3092
GE CIMPLICITY HMI/SCADA software (CIMPLICITY) versions 2022 and prior are affected by CVE-2022-3092 due to an out-of-bounds write (CWE-787) that could allow arbitrary code execution. The vulnerability is local (AV:L, UI:R) with high impact to confidentiality, integrity and availability (CVSS v3 b...
CVE-2022-2952
CVE-2022-2952 affects GE CIMPLICITY (versions 2022 and prior). The vulnerability occurs when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, potentially allowing arbitrary code execution. Impact is high (C/H/I/H/A/H) with CVSS v3.1 base score 7.8, attack ...
CVE-2022-2948
CVE-2022-2948 affects GE CIMPLICITY HMI/SCADA software versions 2022 and earlier. The vulnerability is a heap-based buffer overflow in CIMPLICITY (CVE-2022-2948) that could allow an attacker to execute arbitrary code. Reported impact aligns with a HIGH severity (CVSS v3.1: 7.8) with local attack ...