CVE-2022-23921

Published: Feb 25, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.

Affected (1)

Products: Ge: Proficy Cimplicitiy

1 product

Proficy Cimplicitiy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ge Proficy Cimplicitiy	Up to 11.1

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-22-053-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.