
CVE-2023-5908 – Heap Based Buffer Overflow in PTC KEPServerEx
https://notcve.org/view.php?id=CVE-2023-5908
30 Nov 2023 — KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-334-03 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •

CVE-2023-0898 – Uncontrolled Search Path Element in GE MiCOM S1 Agile
https://notcve.org/view.php?id=CVE-2023-0898
07 Nov 2023 — General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23 • CWE-427: Uncontrolled Search Path Element •

CVE-2023-4487 – GE Digital CIMPLICITY Process Control
https://notcve.org/view.php?id=CVE-2023-4487
05 Sep 2023 — GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability • CWE-114: Process Control •

CVE-2023-3463 – GE Digital CIMPLICITY Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-3463
19 Jul 2023 — All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-1552 – ToolboxST Deserialization of Untrusted Configuration Data
https://notcve.org/view.php?id=CVE-2023-1552
11 Apr 2023 — ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable... • https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf • CWE-502: Deserialization of Untrusted Data •

CVE-2023-0598 – GE Digital Proficy Code Injection
https://notcve.org/view.php?id=CVE-2023-0598
16 Mar 2023 — GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-0754
https://notcve.org/view.php?id=CVE-2023-0754
23 Feb 2023 — The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-0755
https://notcve.org/view.php?id=CVE-2023-0755
23 Feb 2023 — The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-129: Improper Validation of Array Index •

CVE-2022-38469
https://notcve.org/view.php?id=CVE-2022-38469
17 Jan 2023 — An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 • CWE-261: Weak Encoding for Password CWE-522: Insufficiently Protected Credentials •

CVE-2022-46331
https://notcve.org/view.php?id=CVE-2022-46331
17 Jan 2023 — An unauthorized user could possibly delete any file on the system. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 • CWE-284: Improper Access Control •