← Back to home
ICSA-18-282-01  ·  Published 2018-10-09  ·  View on CISA ICS-CERT ↗

GE iFix

CVSS 5.3 MEDIUM

Risk Summary

Successful exploitation of this vulnerability could cause a buffer overflow condition.

CVEs (1)

Remediations

  • GE released iFIX 5.9 in June 2017 to address this issue by incorporating Gigasoft Version 8.0
  • GE recommends users only use ActiveX from trusted sources.
  • To obtain the latest versions of the iFIX product, please contact the local GE Digital representative.
  • For more information on this vulnerability and associated software updates, please see GE Security Communication GED SecComm 18-01 dated March 27, 2018 on the GE website

Affected Vendors

General Electric (GE)

Affected Products (5)

General Electric (GE) · iFIX >= 2.0 | <= 5.0
General Electric (GE) · Gigasoft components < 8.0
General Electric (GE) · iFIX 5.8
General Electric (GE) · iFIX 5.5
General Electric (GE) · iFIX 5.1

Affected Sectors

Multiple sectors

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more