What is CVE-2023-4487?

CVE-2023-4487 is a high-severity vulnerability in Ge Digital Cimplicity, classified under Process Control. CVSS score: 7.8/10. Published 2023-09-05.

How severe is CVE-2023-4487?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Ge Digital Cimplicity

CVE-2023-4487

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI softwar…

EPSS: 0.000 (11.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Ge Digital Cimplicity — versions 2023

Weakness classification (CWE)

CWE-114 — Process Control

References

www.cisa.gov/news-events/ics-advisories/icsa-23-243-02
digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vuln…

Frequently asked questions

What is CVE-2023-4487?: CVE-2023-4487 is a high-severity vulnerability in Ge Digital Cimplicity, classified under Process Control. CVSS score: 7.8/10. Published 2023-09-05.
How severe is CVE-2023-4487?: High severity. CVSS v3 base score is 7.8 out of 10.