ICSA-22-053-01  ·  Published 2022-02-22

GE Proficy CIMPLICITY-IPM

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to achieve both code execution and local privilege escalation.

CVEs (1)

Remediations

  • GE Digital recommends users upgrade all instances of the affected software to GE Digital's Proficy CIMPLICITY, released January 2022 (Upgrade), and follow the instructions in the Secure Deployment Guide to restrict which CIMPLICITY projects are allowed to run.
  • The upgrade contains what GE believes are mitigation measures to help ensure the vulnerability cannot be exploited.
  • Users are encouraged to contact a GE Digital representative for the latest versions of the update.
  • For users who choose not to implement the upgrade, GE Digital recommends applying the instructions in CIMPLICITY's Secure Deployment Guide to ensure access to the CIMPLICITY machines and directories is properly controlled via access control limits.

Affected Vendors

General Electric (GE)

Affected Products (1)

General Electric (GE) · Proficy CIMPLICITY <= 11.1

Affected Sectors

Multiple Sectors
