CVE-2022-38469

Description

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

Solution:

GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian to mitigate these vulnerabilities. SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .

Link	Tags
https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01	third party advisory us government resource
https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01	permissions required vendor advisory

What is the severity of CVE-2022-38469?: CVE-2022-38469 has been scored as a high severity vulnerability.
How to fix CVE-2022-38469?: To fix CVE-2022-38469: GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian to mitigate these vulnerabilities. SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .
Is CVE-2022-38469 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-38469 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-38469?: CVE-2022-38469 affects GE Digital Proficy Historian.