PT-2023-7457 · GE Digital · GE Digital Proficy iFIX

Michael Heinzl · Published 2023-03-14 · Updated 2023-03-23 · CVE-2023-0598

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

GE Digital Proficy iFIX versions 6.1 through 6.5
GE Digital Proficy iFIX 2022

Description

The issue is related to incorrect code generation management in the GE Proficy HMI/SCADA iFIX software, which may allow an attacker to gain full control of the HMI software by inserting malicious configuration files in the expected web server execution path. This can be achieved through code injection, potentially enabling an attacker to exploit the software remotely.

Recommendations

For GE Digital Proficy iFIX versions 6.1 through 6.5, consider disabling the web server execution path until a patch is available, to prevent malicious configuration files from being inserted. For GE Digital Proficy iFIX 2022, restrict access to the configuration files to minimize the risk of exploitation. As a temporary workaround, avoid using the expected web server execution path in the affected software until the issue is resolved.

Fix

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2023-08499
CVE-2023-0598

Affected Products

GE Digital Proficy iFIX