Lucene search

[email protected]CVE-2023-3463

HistoryJul 19, 2023 - 2:15 p.m.

CVE-2023-3463

2023-07-1914:15:10

CWE-787

CWE-122

[email protected]

web.nvd.nist.gov

cve-2023-3463

ge digital

cimplicity

memory corruption

input validation

arbitrary code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

Affected configurations

NVD

Node

gecimplicity

CPENameOperatorVersion
ge:cimplicityge cimplicityeq*

CPE	Name	Operator	Version
ge:cimplicity	ge cimplicity	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "CIMPLICITY",
    "vendor": "GE Digital",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-199-06

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.1%

JSON

Related for CVE-2023-3463

prion1 cvelist1 nvd1 ics1