CVE-2023-4487

Summary

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Affected Software

VendorProductVersion RangeStatus
GE DigitalCIMPLICITY2023affected

Weaknesses

  • CWE-114: CWE-114 Process Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References