CVE-2023-4487 Information

Description

GE CIMPLICITY 2023 is by a process control vulnerability which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02 https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability