PT-2020-5890 · GE Digital · GE Digital CIMPLICITY HMI/SCADA

Published: 2020-04-07 · Updated: 2020-04-22 · CVE-2020-6992

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: GE Digital CIMPLICITY HMI/SCADA versions prior to 11.0
Description: A local privilege escalation issue has been identified, which could allow an adversary to modify the system, leading to the arbitrary execution of code if an attacker has access to an authenticated session. This issue is related to insufficient access control in the Proficy HMI/SCADA CIMPLICITY application, which could enable an attacker to execute arbitrary code or elevate their privileges.
Recommendations: For GE Digital CIMPLICITY HMI/SCADA versions prior to 11.0, upgrade to GE CIMPLICITY v11.0 or newer to mitigate this issue.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2021-01982
CVE-2020-6992

Affected Products

GE Digital CIMPLICITY HMI/SCADA