CVE-2023-3463

GE Digital CIMPLICITY Heap-based Buffer Overflow

Description

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

Remediation

Solution:

  • To obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at https://digitalsupport.ge.com/s/contactsupport https://digitalsupport.ge.com/s/contactsupport . Exploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent Secure Deployment Guide (SDG) instructions https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2 . Please refer to GE Digital’s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability  for more information.

Categories

6.6
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.12%
Third-Party Advisory cisa.gov
Affected: GE Digital CIMPLICITY
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06 third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2023-3463?
CVE-2023-3463 has been scored as a medium severity vulnerability.
How to fix CVE-2023-3463?
To fix CVE-2023-3463: To obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at https://digitalsupport.ge.com/s/contactsupport https://digitalsupport.ge.com/s/contactsupport . Exploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent Secure Deployment Guide (SDG) instructions https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2 . Please refer to GE Digital’s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability  for more information.
Is CVE-2023-3463 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-3463 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-3463?
CVE-2023-3463 affects GE Digital CIMPLICITY.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.