CVE-2023-4487 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ge	Cimplicity	2023

Related Weaknesses (CWE)

CWE-114

References

https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-EscalatiPermissions Required
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02Third Party AdvisoryUS Government Resource
https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-EscalatiPermissions Required
https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2023-4487?

CVE-2023-4487 is a vulnerability with a CVSS score of 7.8 (HIGH). GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges a...

How severe is CVE-2023-4487?

CVE-2023-4487 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4487?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Cimplicity.