Lucene search
K

5 matches found

CVE
CVE
added 2023/03/16 7:13 p.m.78 views

CVE-2023-0598

GE Digital Proficy iFIX (2022, v6.1, v6.5) are affected by CVE-2023-0598 due to improper generation of code (CWE-94). An attacker could insert malicious configuration files in the web server execution path and gain full control of the HMI software. ICSA-23-073-03 lists the affected products and n...

9.8CVSS9AI score0.00571EPSS
CVE
CVE
added 2017/02/13 9:0 p.m.71 views

CVE-2016-9360

The CVE-2016-9360 issue affects GE Proficy HMI/SCADA iFIX (Version 5.8 SIM 13 and earlier), CIMPLICITY (Version 9.0 and earlier), and Historian (Version 6.0 and earlier). Root cause: Insufficiently protected credentials enabling password retrieval when an attacker has access to an authenticated s...

6.7CVSS6.3AI score0.00369EPSS
CVE
CVE
added 2018/10/10 5:0 p.m.63 views

CVE-2018-17925

CVE-2018-17925 concerns a vulnerability in the Gigasoft component of GE iFIX (ActiveX marked Safe For Scripting). Affected products include GE iFIX 2.0–5.0, 5.1, 5.5 and 5.8; older Gigasoft components may be used in other vendors’ products. The issue arises from an unsafe ActiveX control within t...

4.8CVSS5.2AI score0.00304EPSS
CVE
CVE
added 2021/02/18 3:2 p.m.56 views

CVE-2019-18243

CVE-2019-18243 affects GE Digital HMI/SCADA iFIX (versions 6.1 and prior). The vulnerability is an Incorrect Permission Assignment for Critical Resource (CWE-732) that allows a local authenticated user to modify system-wide iFIX configurations via the registry (and via section objects), enabling ...

5.5CVSS5.3AI score0.00204EPSS
CVE
CVE
added 2021/02/18 3:0 p.m.51 views

CVE-2019-18255

CVE-2019-18255 concerns HMI/SCADA iFIX (GE Digital) versions 6.1 and prior. A local authenticated user can modify system-wide iFIX configurations through section objects, enabling privilege escalation (I/O/access unspecified beyond local). Multiple connected sources confirm the issue and note it ...

5.5CVSS5.3AI score0.00204EPSS