CVE-2023-4487 – GE Digital CIMPLICITY Process Control

https://notcve.org/view.php?id=CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. GE CIMPLICITY 2023 contiene una vulnerabilidad de control de procesos, que podría permitir a un atacante local insertar archivos de configuración maliciosos en la ruta de ejecución esperada del servidor web para escalar privilegios y obtener el control total del software HMI. • https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 • CWE-114: Process Control •