Search criteria
2 vulnerabilities found for MiCOM S1 Agile by General Electric
CVE-2023-0898 (GCVE-0-2023-0898)
Vulnerability from cvelistv5 – Published: 2023-11-07 16:34 – Updated: 2025-01-16 21:26
VLAI?
Title
Uncontrolled Search Path Element in GE MiCOM S1 Agile
Summary
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
Severity ?
5.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| General Electric | MiCOM S1 Agile |
Affected:
All versions
|
Credits
Sushant Mane from CoE-CNDS Lab, VJTI
Anooja Joy from CoE-CNDS Lab, VJTI
Dr. Faruk Kazi from CoE-CNDS Lab, VJTI
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:47.995174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:36.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MiCOM S1 Agile",
"vendor": "General Electric",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane from CoE-CNDS Lab, VJTI"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Anooja Joy from CoE-CNDS Lab, VJTI"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Faruk Kazi from CoE-CNDS Lab, VJTI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T16:34:41.246Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGeneral Electric has released an update that resolves this vulnerability. No action is required by the customer.\u003c/p\u003e\u003cp\u003eFor more information, see General Electric\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.gegridsolutions.com/app/viewfiles.aspx?prod=S1Agile\u0026amp;type=21\"\u003eSecurity Advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGeneral Electric has released an update that resolves this vulnerability. No action is required by the customer.\n\nFor more information, see General Electric\u0027s Security Advisory https://www.gegridsolutions.com/app/viewfiles.aspx .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Search Path Element in GE MiCOM S1 Agile",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0898",
"datePublished": "2023-11-07T16:34:41.246Z",
"dateReserved": "2023-02-17T21:23:33.224Z",
"dateUpdated": "2025-01-16T21:26:36.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0898 (GCVE-0-2023-0898)
Vulnerability from nvd – Published: 2023-11-07 16:34 – Updated: 2025-01-16 21:26
VLAI?
Title
Uncontrolled Search Path Element in GE MiCOM S1 Agile
Summary
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
Severity ?
5.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| General Electric | MiCOM S1 Agile |
Affected:
All versions
|
Credits
Sushant Mane from CoE-CNDS Lab, VJTI
Anooja Joy from CoE-CNDS Lab, VJTI
Dr. Faruk Kazi from CoE-CNDS Lab, VJTI
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:24:34.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"government-resource",
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:18:47.995174Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:26:36.149Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MiCOM S1 Agile",
"vendor": "General Electric",
"versions": [
{
"status": "affected",
"version": "All versions "
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Sushant Mane from CoE-CNDS Lab, VJTI"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": " Anooja Joy from CoE-CNDS Lab, VJTI"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Dr. Faruk Kazi from CoE-CNDS Lab, VJTI"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\u003c/p\u003e\u003cbr\u003e\n\n"
}
],
"value": "\nGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.\n\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-07T16:34:41.246Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-311-23"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cp\u003eGeneral Electric has released an update that resolves this vulnerability. No action is required by the customer.\u003c/p\u003e\u003cp\u003eFor more information, see General Electric\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.gegridsolutions.com/app/viewfiles.aspx?prod=S1Agile\u0026amp;type=21\"\u003eSecurity Advisory\u003c/a\u003e.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nGeneral Electric has released an update that resolves this vulnerability. No action is required by the customer.\n\nFor more information, see General Electric\u0027s Security Advisory https://www.gegridsolutions.com/app/viewfiles.aspx .\n\n\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Uncontrolled Search Path Element in GE MiCOM S1 Agile",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-0898",
"datePublished": "2023-11-07T16:34:41.246Z",
"dateReserved": "2023-02-17T21:23:33.224Z",
"dateUpdated": "2025-01-16T21:26:36.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}