CVE-2023-4487

GE Digital CIMPLICITY Process Control

Description

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Remediation

Solution:

GE Digital recommends users apply the following mitigations: * Update CIMPLICITY to v2023 SIM 1 https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1 (login is required) Please refer to GE Digital’s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability (login is required) for more information.

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02	third party advisory us government resource
https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability	permissions required

Frequently Asked Questions

What is the severity of CVE-2023-4487?: CVE-2023-4487 has been scored as a high severity vulnerability.
How to fix CVE-2023-4487?: To fix CVE-2023-4487: GE Digital recommends users apply the following mitigations: * Update CIMPLICITY to v2023 SIM 1 https://digitalsupport.ge.com/s/article/CIMPLICITY-2023-SIM-1 (login is required) Please refer to GE Digital’s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability (login is required) for more information.
Is CVE-2023-4487 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2023-4487 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-4487?: CVE-2023-4487 affects GE Digital CIMPLICITY.

Description

Remediation

Category

CWE-114 – Process Control

References

Frequently Asked Questions