ICSA-14-287-01
·
Published 2025-06-06
·
View on CISA ICS-CERT ↗
GE Proficy HMI/SCADA DNP3 Driver Input Validation
CVSS 7.1
HIGH
CVEs (1)
Remediations
- Installing Version 7.20L of the DNP driver or newer will address this issue for the products below: iFix (all versions) please install DNP driver Version 7.20L (7.20.62.7) or newer (http://support.ge-ip.com/support/index?page=dwchannel&comp=iodetail&id=DG309)
- CIMPLICITY 8.2 and prior please install DNP driver Version 8.2.62.7 or newer: (http://support.ge-ip.com/support/index?page=dwchannel&id=DN4244)
- CIMPLICITY 9.0 please install DNP driver Version 9.0.62.7 or newer: (http://support.ge-ip.com/support/index?page=dwchannel&id=DN4244)
- To obtain the latest version of any I/O driver please visit GE’s web site at (http://support.ge-ip.com) and, in the right column, look for “Quick Picks” > “Downloads” > “I/O Drivers.”
Affected Vendors
GE
Affected Products (8)
GE
·
iFix
vers:all/*
GE
·
Catapult
v7.20.62
GE
·
CIMPLICITY
<=8.2_:_Catapult:_v8.2.62
GE
·
CIMPLICITY
9.0
GE
·
Catapult
v9.0.62
GE
·
Proficy HMI/SCADA DNP3 I/O Driver (DNP)
v7.20k
GE
·
Catapult
<=v7.20.60
GE
·
Proficy HMI/SCADA – iFIX or CIMPLICITY servers with the vulnerable I/O Driver installed (this includes iFIX or CIMPLICITY installations that are part of Proficy Process Systems
vers:all/*
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more