5 matches found
CVE-2023-0598
GE Digital Proficy iFIX (2022, v6.1, v6.5) are affected by CVE-2023-0598 due to improper generation of code (CWE-94). An attacker could insert malicious configuration files in the web server execution path and gain full control of the HMI software. ICSA-23-073-03 lists the affected products and n...
CVE-2016-9360
The CVE-2016-9360 issue affects GE Proficy HMI/SCADA iFIX (Version 5.8 SIM 13 and earlier), CIMPLICITY (Version 9.0 and earlier), and Historian (Version 6.0 and earlier). Root cause: Insufficiently protected credentials enabling password retrieval when an attacker has access to an authenticated s...
CVE-2018-17925
CVE-2018-17925 concerns a vulnerability in the Gigasoft component of GE iFIX (ActiveX marked Safe For Scripting). Affected products include GE iFIX 2.0–5.0, 5.1, 5.5 and 5.8; older Gigasoft components may be used in other vendors’ products. The issue arises from an unsafe ActiveX control within t...
CVE-2019-18243
CVE-2019-18243 affects GE Digital HMI/SCADA iFIX (versions 6.1 and prior). The vulnerability is an Incorrect Permission Assignment for Critical Resource (CWE-732) that allows a local authenticated user to modify system-wide iFIX configurations via the registry (and via section objects), enabling ...
CVE-2019-18255
CVE-2019-18255 concerns HMI/SCADA iFIX (GE Digital) versions 6.1 and prior. A local authenticated user can modify system-wide iFIX configurations through section objects, enabling privilege escalation (I/O/access unspecified beyond local). Multiple connected sources confirm the issue and note it ...