← Back to home
ICSA-23-073-03  ·  Published 2023-03-29  ·  View on CISA ICS-CERT ↗

GE iFIX

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow for privilege escalation and full control of the system.

CVEs (1)

Remediations

  • GE Digital recommends that users upgrade to Proficy iFIX 2023. GE Digital recommends that any users choosing not to upgrade at this time apply the Simulation Drivers (SIMs) provided below to their earlier GE Digital Proficy iFIX versions (login required):
  • iFIX 2023 - select “Download Software Updates”: iFIX 2022 SIM iFIX v6.1 SIM iFIX v6.5 SIM
  • iFIX 2022 SIM
  • iFIX v6.1 SIM
  • iFIX v6.5 SIM
  • Also, users are strongly advised to refer the Secure Deployment Guide (SDG) instructions on how to set-up and configure Access Control List (ACLs). The complete SDG can be found here.

Affected Vendors

GE Digital

Affected Products (3)

GE Digital · GE Digital Proficy iFIX 2022
GE Digital · GE Digital Proficy iFIX 6.1
GE Digital · GE Digital Proficy iFIX 6.5

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more