PT-2018-14276 · Gigasoft · Gigasoft Charting Package

Limingzheng · Published 2018-10-10 · Updated 2019-10-09 · CVE-2018-17925

CVSS v3.1: 4.8 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

GE iFIX versions 2.0 through 5.8

Description

The issue is related to an Unsafe ActiveX Control Marked Safe For Scripting in a third-party ActiveX object provided by Gigasoft. This vulnerability may be exposed when the Gigasoft charting package is used independently outside the iFIX product. The method that impacts Internet Explorer is not exposed in the iFIX product, and the core functionality of the iFIX product is not known to be impacted.

Recommendations

For GE iFIX versions 2.0 through 5.8, consider restricting the use of the Gigasoft charting package outside the iFIX product to minimize the risk of exploitation. As a temporary workaround, avoid using the independent Gigasoft charting package until a patch or fix is available.

Related Identifiers

CVE-2018-17925

Affected Products

GE iFIX
Gigasoft Charting Package
Internet Explorer