← Back to home
ICSA-25-240-06  ·  Published 2025-08-28  ·  View on CISA ICS-CERT ↗

GE Vernova CIMPLICITY

CVSS 7.8 HIGH

Risk Summary

Successful exploitation of this vulnerability could allow a low-privileged local attacker to escalate privileges.

CVEs (1)

Remediations

  • GE Vernova recommends users upgrade to CIMPLICITY 2024 SIM 4. The SIM is posted to the KB as article: 000071725.
  • Direct Link (Login Required): https://digitalsupport.ge.com/s/article/CIMPLICITY-2024-SIM-4?language=en_US.
  • The most complete method to address the vulnerability is upgrading to CIMPLICITY 2024 SIM 4. However, if users are currently unable to upgrade and/or choose not to, it is recommended they reach out to GE Vernova support for guidance to further mitigate the issue on their version(s).
  • Users are strongly advised to follow the Secure Deployment Guide (SDG) instructions. The complete SDG can be found at CIMPLICITY SDG (Login Required).

Affected Vendors

GE Vernova

Affected Products (1)

GE Vernova · CIMPLICITY 2024_2023_2022_11.0

Affected Sectors

Critical Manufacturing

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more