ICSA-11-243-02 · Published 2025-06-05
GE Proficy Historian Web Administrator XSS
CVSS 4.3 (MEDIUM)
CVEs (1)
Remediations
- GE Intelligent Platforms does not recommend that customers install or use the Historian Web Administrator component with Proficy Historian. According to GE, the Historian Web Administrator is a legacy product component that should be removed from systems running the affected software to reduce the potential attack surface. According to GE, the “Administrative Website” option will be removed from the Historian Install Wizard in future versions of the Historian product.
- GE recommends that customers follow these steps to remove installed copies of the Historian Web Administrator:
  1. Open Windows Explorer.
  2. Navigate to the Windows directory where the Historian Web Administrator is installed. By default, this is in the IIS directory C:\inetpub\wwwroot.
  3. Right-click on the “Historian” folder and select “Delete” to delete that folder.
- GE Intelligent Platforms advises customers to follow the recommendations in its security advisory, which can be found at http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14493. Access to the advisory requires a valid GE SSO ID and Customer Service Number.
Affected Vendors
GE
Affected Products (5)
- GE · Proficy Historian: vers:all/*
- GE · Proficy HMI/SCADA - CIMPLICITY (if Historian is installed): 8.1
- GE · Proficy HMI/SCADA - CIMPLICITY (if Historian is installed): 8.2
- GE · Proficy HMI/SCADA - iFIX (if Historian is installed): 5.0
- GE · Proficy HMI/SCADA - iFIX (if Historian is installed): 5.1