CVE-2023-0598 – GE Digital Proficy Code Injection
https://notcve.org/view.php?id=CVE-2023-0598
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. • https://digitalsupport.ge.com/s/article/iFIX-Secure-Deployment-Guide?language=en_US • https://www.cisa.gov/news-events/ics-advisories/icsa-23-073-03 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2019-18243
https://notcve.org/view.php?id=CVE-2019-18243
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2019-18255
https://notcve.org/view.php?id=CVE-2019-18255
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. • https://us-cert.cisa.gov/ics/advisories/icsa-21-040-01 • CWE-732: Incorrect Permission Assignment for Critical Resource