Search criteria
3 vulnerabilities
CVE-2023-1552 (GCVE-0-2023-1552)
Vulnerability from cvelistv5 – Published: 2023-04-11 14:38 – Updated: 2025-02-06 21:44
VLAI?
Summary
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.
Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user.
Severity ?
6.4 (Medium)
CWE
- CVE-502
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Gas Power | ToolboxST |
Affected:
0 , < 7.10
(custom)
|
Credits
Sharon Brizinov of Claroty
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1552",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:43:10.282154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:44:02.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "ToolboxST",
"vendor": "GE Gas Power",
"versions": [
{
"lessThan": "7.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sharon Brizinov of Claroty"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user\u0027s context through the deserialization of an untrusted configuration file.\u0026nbsp;Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.\u0026nbsp;\u003cbr\u003e\u003cbr\u003eCustomers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power\u0027s Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user.\u0026nbsp;"
}
],
"value": "ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user\u0027s context through the deserialization of an untrusted configuration file.\u00a0Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.\u00a0\n\nCustomers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power\u0027s Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user.\u00a0"
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Gas Power Deployment - Local Attack"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Gas Power Deployment - Social Engineering Attack"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CVE-502",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T14:38:16.504Z",
"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"shortName": "GE GP"
},
"references": [
{
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to ToolboxST version \u0026gt;=7.10 (available in ControlST \u0026gt;=7.10)"
}
],
"value": "Update to ToolboxST version \u003e=7.10 (available in ControlST \u003e=7.10)"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ToolboxST Deserialization of Untrusted Configuration Data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"assignerShortName": "GE GP",
"cveId": "CVE-2023-1552",
"datePublished": "2023-04-11T14:38:16.504Z",
"dateReserved": "2023-03-21T18:08:24.597Z",
"dateUpdated": "2025-02-06T21:44:02.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37952 (GCVE-0-2022-37952)
Vulnerability from cvelistv5 – Published: 2022-08-25 17:26 – Updated: 2024-09-17 01:41
VLAI?
Summary
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Severity ?
4.7 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Gas Power | WorkstationST |
Affected:
unspecified , < 07.09.15
(custom)
|
Credits
GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Reflected_XSS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WorkstationST",
"vendor": "GE Gas Power",
"versions": [
{
"lessThan": "07.09.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability."
}
],
"datePublic": "2022-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (\u003cv07.09.15) could allow an attacker to compromise a victim\u0027s browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T17:26:10",
"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"shortName": "GE GP"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Reflected_XSS.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Workstation \u003e= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WorkstationST - Reflected XSS in iHistorian Data Display Tags",
"workarounds": [
{
"lang": "en",
"value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "GEPowerCVD@ge.com",
"DATE_PUBLIC": "2022-08-23T21:00:00.000Z",
"ID": "CVE-2022-37952",
"STATE": "PUBLIC",
"TITLE": "WorkstationST - Reflected XSS in iHistorian Data Display Tags"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WorkstationST",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "07.09.15"
}
]
}
}
]
},
"vendor_name": "GE Gas Power"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (\u003cv07.09.15) could allow an attacker to compromise a victim\u0027s browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Reflected_XSS.pdf",
"refsource": "CONFIRM",
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Reflected_XSS.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Workstation \u003e= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"assignerShortName": "GE GP",
"cveId": "CVE-2022-37952",
"datePublished": "2022-08-25T17:26:10.090096Z",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-09-17T01:41:41.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37953 (GCVE-0-2022-37953)
Vulnerability from cvelistv5 – Published: 2022-08-25 17:26 – Updated: 2024-09-16 18:09
VLAI?
Summary
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
Severity ?
4.7 (Medium)
CWE
- CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Gas Power | WorkstationST |
Affected:
unspecified , < 07.09.15
(custom)
|
Credits
GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:37:42.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WorkstationST",
"vendor": "GE Gas Power",
"versions": [
{
"lessThan": "07.09.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability."
}
],
"datePublic": "2022-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (\u003cv07.09.15) and could allow an attacker to compromise a victim\u0027s browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-113",
"description": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T17:26:02",
"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"shortName": "GE GP"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to Workstation \u003e= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WorkstationST - Response Splitting in AM Gateway Challenge-Response",
"workarounds": [
{
"lang": "en",
"value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "GEPowerCVD@ge.com",
"DATE_PUBLIC": "2022-08-23T21:00:00.000Z",
"ID": "CVE-2022-37953",
"STATE": "PUBLIC",
"TITLE": "WorkstationST - Response Splitting in AM Gateway Challenge-Response"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WorkstationST",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "07.09.15"
}
]
}
}
]
},
"vendor_name": "GE Gas Power"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "GE Gas Power would like to thank Ammar Majali for his evaluation and responsible disclosure of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (\u003cv07.09.15) and could allow an attacker to compromise a victim\u0027s browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf",
"refsource": "CONFIRM",
"url": "https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-08-23_WorkstationST_Response_Splitting.pdf"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to Workstation \u003e= 7.09.15 which can be found in ControlST 7.09.07c SP8 and higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Customers should follow the guidance laid out in GEH-6839. The best practices described in that document limit the likelihood and impact of a wide variety of attacks."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250",
"assignerShortName": "GE GP",
"cveId": "CVE-2022-37953",
"datePublished": "2022-08-25T17:26:02.044195Z",
"dateReserved": "2022-08-08T00:00:00",
"dateUpdated": "2024-09-16T18:09:11.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}