PT-2023-5230 · GE · GE CIMPLICITY
Michael Heinzl · Published 2023-09-05 · Updated 2024-01-01 · CVE-2023-4487
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GE CIMPLICITY version 2023
Description
GE CIMPLICITY 2023 contains a process control vulnerability that could allow a local attacker to insert malicious configuration files into the expected web server execution path, escalate privileges, and gain full control of the HMI software. The vulnerability exists due to a problem with process management.
Recommendations
For GE CIMPLICITY version 2023, as a temporary workaround, consider restricting access to the web server execution path to minimize the risk of exploitation. Additionally, monitor the system for any suspicious activity and apply patches as soon as they become available from the vendor. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
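One way to verify the workaround above, as an added example (not vendor or advisory code): list the access-control entries that grant write-type rights on the web server directory to principals outside a trusted set. The path is a placeholder because the advisory does not name it, and the trusted list and English principal names are assumptions to adjust per site.

```powershell
# Added example: audit who can write into the web server execution path.
# ASSUMPTION: $WebRoot is a placeholder; the advisory does not give the real path.
param(
    [string]$WebRoot = 'C:\PLACEHOLDER\WebServerExecutionPath'
)

# ASSUMPTION: principals allowed to modify the directory (English names).
# CREATOR OWNER only affects whoever was already able to create the object.
$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
             'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')

# Rights that let a principal drop or replace a file, or rewrite the ACL.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs carry raw generic bits instead: GENERIC_WRITE and GENERIC_ALL.
$Mask = [int]$rights -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriteAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($Trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $WebRoot -PathType Container)) {
    throw "Directory not found: $WebRoot"
}

# Check the root and every subdirectory, since inheritance can be overridden below the root.
$dirs = @(Get-Item -LiteralPath $WebRoot) +
        @(Get-ChildItem -LiteralPath $WebRoot -Directory -Recurse -ErrorAction SilentlyContinue)

$dirs | ForEach-Object { Get-UntrustedWriteAce -Path $_.FullName } |
    Sort-Object Path, Identity |
    Format-Table -AutoSize
```

Empty output means no principal outside the trusted list holds write-type rights on the directory tree. Rows marked `Inherited = True` have to be corrected on the parent directory that defines the entry.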
Affected Products
GE CIMPLICITY