Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GE Digital Proficy Code Injection
Vulnerability Description
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
GE iFIX 代码注入漏洞
Vulnerability Description
GE iFIX是美国通用电气(GE)公司的通过工业级 SCADA 和高性能 HMI 提高生产力和过程控制的平台。 GE iFIX 存在代码注入漏洞。攻击者利用该漏洞可以在预期的 Web 服务器执行路径中插入恶意配置文件并获得对人机界面软件。
CVSS Information
N/A
Vulnerability Type
N/A