PT-2022-16337 · Ge · Ge Cimpicity
Roman Dvorkin
+1
·
Published
2022-02-25
·
Updated
2022-03-08
·
CVE-2022-23921
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GE CIMPLICITY (affected versions not specified)
Description
Exploitation of this issue may result in local privilege escalation and code execution. It is noted that exploitation is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ge Cimpicity