CVE-2023-0598 – GE Digital Proficy Code Injection
https://notcve.org/view.php?id=CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-0754
https://notcve.org/view.php?id=CVE-2023-0754
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-190: Integer Overflow or Wraparound •
CVE-2023-0755
https://notcve.org/view.php?id=CVE-2023-0755
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-23-054-01 • CWE-129: Improper Validation of Array Index •
CVE-2022-38469
https://notcve.org/view.php?id=CVE-2022-38469
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-261: Weak Encoding for Password CWE-522: Insufficiently Protected Credentials •
CVE-2022-46331
https://notcve.org/view.php?id=CVE-2022-46331
An unauthorized user could possibly delete any file on the system. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-284: Improper Access Control •