3 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. HMI/SCADA iFIX (Versiones anteriores a 6.1) permite a un usuario autenticado local modificar las configuraciones de iFIX de todo el sistema a través del registro. Esto puede permitir una escalada de privilegios • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. HMI/SCADA iFIX (Versiones anteriores a 6.1) permite a un usuario autenticado local modificar las configuraciones de iFIX de todo el sistema mediante objetos de sección. Esto puede permitir una escalada de privilegios • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •