PT-2021-8999 · Ifix · Ifix
Sharon Brizinov
+1
·
Published
2021-02-18
·
Updated
2021-02-24
·
CVE-2019-18255
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
HMI/SCADA iFIX versions 6.1 and prior
Description
The issue allows a local authenticated user to modify system-wide iFIX configurations through section objects, potentially leading to privilege escalation.
Recommendations
For HMI/SCADA iFIX versions 6.1 and prior, update to a version later than 6.1 to resolve the issue.
At the moment, there is no information about other specific fixes for this vulnerability.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ifix