CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
icscertCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Common Weakness Enumeration
References
https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02
https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02