CVE-2018-17925
First published: Wed Oct 10 2018(Updated: )
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE iFIX | >=2.0<=5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-17925?
CVE-2018-17925 is a vulnerability that involves multiple instances of an unsafe ActiveX control marked safe for scripting.
What software versions are affected by CVE-2018-17925?
CVE-2018-17925 affects GE iFIX versions 2.0 to 5.8.
How severe is CVE-2018-17925?
CVE-2018-17925 has a severity rating of 4.8, which is considered medium.
How can I fix CVE-2018-17925?
To fix CVE-2018-17925, users should update to a patched version of GE iFIX that addresses the vulnerability.
Where can I find more information about CVE-2018-17925?
More information about CVE-2018-17925 can be found at the following references: [SecurityFocus](http://www.securityfocus.com/bid/105540) and [ICS-CERT Advisories](https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01).
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/ge
- canonical/ge ifix
- version/ge ifix/2.0
- version/ge ifix/5.8