Search criteria
15 vulnerabilities found for proficy_historian by ge
FKIE_CVE-2022-46660
Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2024-11-21 07:30
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An unauthorized user could alter or write files with full control over the path and content of the file.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | proficy_historian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11858B0-9F9F-4AA0-95DD-52365A7E18EF",
"versionEndExcluding": "2023",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nAn unauthorized user could alter or write files with full control over the path and content of the file. \n\n \n\n"
},
{
"lang": "es",
"value": "Un usuario no autorizado podr\u00eda alterar o escribir archivos con control total sobre la ruta y el contenido del archivo."
}
],
"id": "CVE-2022-46660",
"lastModified": "2024-11-21T07:30:51.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:12.273",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-46331
Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2024-11-21 07:30
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
An unauthorized user could possibly delete any file on the system.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | proficy_historian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11858B0-9F9F-4AA0-95DD-52365A7E18EF",
"versionEndExcluding": "2023",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\nAn unauthorized user could possibly delete any file on the system. \n\n \n\n \n\n \n\n"
},
{
"lang": "es",
"value": "Un usuario no autorizado posiblemente podr\u00eda eliminar cualquier archivo del sistema."
}
],
"id": "CVE-2022-46331",
"lastModified": "2024-11-21T07:30:24.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:12.183",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-46732
Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2025-01-17 22:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | proficy_historian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11858B0-9F9F-4AA0-95DD-52365A7E18EF",
"versionEndExcluding": "2023",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status."
},
{
"lang": "es",
"value": "ncluso si falla la autenticaci\u00f3n del servicio local, el comando solicitado a\u00fan podr\u00eda ejecutarse independientemente del estado de autenticaci\u00f3n."
}
],
"id": "CVE-2022-46732",
"lastModified": "2025-01-17T22:15:27.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-01-18T00:15:12.357",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-43494
Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2024-11-21 07:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | proficy_historian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11858B0-9F9F-4AA0-95DD-52365A7E18EF",
"versionEndExcluding": "2023",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\nAn unauthorized user could be able to read any file on the system, potentially exposing sensitive information. \n\n \n\n \n\n"
},
{
"lang": "es",
"value": "Un usuario no autorizado podr\u00eda leer cualquier archivo del sistema, exponiendo potencialmente informaci\u00f3n confidencial."
}
],
"id": "CVE-2022-43494",
"lastModified": "2024-11-21T07:26:35.967",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:12.090",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-38469
Vulnerability from fkie_nvd - Published: 2023-01-18 00:15 - Updated: 2024-11-21 07:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ge | proficy_historian | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ge:proficy_historian:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D11858B0-9F9F-4AA0-95DD-52365A7E18EF",
"versionEndExcluding": "2023",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\nAn unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. \n\n \n\n \n\n \n\n \n\n"
},
{
"lang": "es",
"value": "Un usuario no autorizado con acceso a la red y la clave de descifrado podr\u00eda descifrar datos confidenciales, como nombres de usuario y contrase\u00f1as."
}
],
"id": "CVE-2022-38469",
"lastModified": "2024-11-21T07:16:32.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-18T00:15:11.897",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-261"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-38469 (GCVE-0-2022-38469)
Vulnerability from cvelistv5 – Published: 2023-01-17 23:50 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
Severity ?
7.5 (High)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:07.959134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:41.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\nAn unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. \n\n \n\n \n\n \n\n \n\n"
}
],
"value": "\n\n\n\nAn unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. \n\n \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261\u00a0Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:50:53.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-38469",
"datePublished": "2023-01-17T23:50:53.642Z",
"dateReserved": "2022-12-15T18:53:06.212Z",
"dateUpdated": "2025-01-16T22:00:41.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46331 (GCVE-0-2022-46331)
Vulnerability from cvelistv5 – Published: 2023-01-17 23:49 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user could possibly delete any file on the system.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:10.842351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:49.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nAn unauthorized user could possibly delete any file on the system. \n\n \n\n \n\n \n\n"
}
],
"value": "\n\n\nAn unauthorized user could possibly delete any file on the system. \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:49:42.351Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46331",
"datePublished": "2023-01-17T23:49:42.351Z",
"dateReserved": "2022-12-15T18:53:06.219Z",
"dateUpdated": "2025-01-16T22:00:49.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43494 (GCVE-0-2022-43494)
Vulnerability from cvelistv5 – Published: 2023-01-17 23:48 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:13.703127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:56.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nAn unauthorized user could be able to read any file on the system, potentially exposing sensitive information. \n\n \n\n \n\n"
}
],
"value": "\n\nAn unauthorized user could be able to read any file on the system, potentially exposing sensitive information. \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:48:30.139Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-43494",
"datePublished": "2023-01-17T23:48:30.139Z",
"dateReserved": "2022-12-15T18:53:06.225Z",
"dateUpdated": "2025-01-16T22:00:56.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46660 (GCVE-0-2022-46660)
Vulnerability from cvelistv5 – Published: 2023-01-17 23:47 – Updated: 2025-01-16 22:01
VLAI?
Summary
An unauthorized user could alter or write files with full control over the path and content of the file.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:16.585209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:01:06.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nAn unauthorized user could alter or write files with full control over the path and content of the file. \n\n \n\n"
}
],
"value": "\nAn unauthorized user could alter or write files with full control over the path and content of the file. \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:47:18.275Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46660",
"datePublished": "2023-01-17T23:47:18.275Z",
"dateReserved": "2022-12-15T18:53:06.233Z",
"dateUpdated": "2025-01-16T22:01:06.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46732 (GCVE-0-2022-46732)
Vulnerability from cvelistv5 – Published: 2023-01-17 23:31 – Updated: 2025-01-17 22:13
VLAI?
Title
CVE-2022-46732
Summary
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:02:46.135828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:13:06.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proficy Historian",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T21:46:29.995Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46732",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46732"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46732",
"datePublished": "2023-01-17T23:31:14.972Z",
"dateReserved": "2022-12-15T18:53:06.238Z",
"dateUpdated": "2025-01-17T22:13:06.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38469 (GCVE-0-2022-38469)
Vulnerability from nvd – Published: 2023-01-17 23:50 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
Severity ?
7.5 (High)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:07.959134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:41.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\nAn unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. \n\n \n\n \n\n \n\n \n\n"
}
],
"value": "\n\n\n\nAn unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. \n\n \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261\u00a0Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:50:53.642Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-38469",
"datePublished": "2023-01-17T23:50:53.642Z",
"dateReserved": "2022-12-15T18:53:06.212Z",
"dateUpdated": "2025-01-16T22:00:41.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46331 (GCVE-0-2022-46331)
Vulnerability from nvd – Published: 2023-01-17 23:49 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user could possibly delete any file on the system.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46331",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:10.842351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:49.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\nAn unauthorized user could possibly delete any file on the system. \n\n \n\n \n\n \n\n"
}
],
"value": "\n\n\nAn unauthorized user could possibly delete any file on the system. \n\n \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:49:42.351Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46331",
"datePublished": "2023-01-17T23:49:42.351Z",
"dateReserved": "2022-12-15T18:53:06.219Z",
"dateUpdated": "2025-01-16T22:00:49.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43494 (GCVE-0-2022-43494)
Vulnerability from nvd – Published: 2023-01-17 23:48 – Updated: 2025-01-16 22:00
VLAI?
Summary
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
Severity ?
7.5 (High)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:32:59.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:13.703127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:00:56.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\nAn unauthorized user could be able to read any file on the system, potentially exposing sensitive information. \n\n \n\n \n\n"
}
],
"value": "\n\nAn unauthorized user could be able to read any file on the system, potentially exposing sensitive information. \n\n \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:48:30.139Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-43494",
"datePublished": "2023-01-17T23:48:30.139Z",
"dateReserved": "2022-12-15T18:53:06.225Z",
"dateUpdated": "2025-01-16T22:00:56.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46660 (GCVE-0-2022-46660)
Vulnerability from nvd – Published: 2023-01-17 23:47 – Updated: 2025-01-16 22:01
VLAI?
Summary
An unauthorized user could alter or write files with full control over the path and content of the file.
Severity ?
7.5 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
Credits
Uri Katz of Claroty Research reported these vulnerabilities to GE.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T20:57:16.585209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T22:01:06.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Proficy Historian",
"vendor": "GE Digital ",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"datePublic": "2023-01-17T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nAn unauthorized user could alter or write files with full control over the path and content of the file. \n\n \n\n"
}
],
"value": "\nAn unauthorized user could alter or write files with full control over the path and content of the file. \n\n \n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-17T23:47:18.275Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\"\u003eProficy Historian 2023\u003c/a\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eto mitigate these vulnerabilities. \u0026nbsp;SIMs have also been released for all affected versions.\u003c/span\u003e\u003cp\u003eUsers can find out more about the vulnerabilities, how to obtain, and install the updates by visiting \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\"\u003ethis notification document from GE Digital\u003c/a\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46660",
"datePublished": "2023-01-17T23:47:18.275Z",
"dateReserved": "2022-12-15T18:53:06.233Z",
"dateUpdated": "2025-01-16T22:01:06.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46732 (GCVE-0-2022-46732)
Vulnerability from nvd – Published: 2023-01-17 23:31 – Updated: 2025-01-17 22:13
VLAI?
Title
CVE-2022-46732
Summary
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
Severity ?
9.8 (Critical)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE Digital | Proficy Historian |
Affected:
7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:02:46.135828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:13:06.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Proficy Historian",
"vendor": "GE Digital",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-288",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-20T21:46:29.995Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01"
},
{
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-46732",
"x_generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46732"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-46732",
"datePublished": "2023-01-17T23:31:14.972Z",
"dateReserved": "2022-12-15T18:53:06.238Z",
"dateUpdated": "2025-01-17T22:13:06.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}