CVE-2019-18255
First published: Thu Feb 18 2021(Updated: )
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE iFIX | <=6.1 | |
| GE Digital HMI/SCADA iFIX | <=6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-18255.
What is the severity of CVE-2019-18255?
CVE-2019-18255 has a severity score of 5.5, which is considered medium.
What software versions are affected by CVE-2019-18255?
CVE-2019-18255 affects HMI/SCADA iFIX versions 6.1 and prior.
How can a local authenticated user exploit CVE-2019-18255?
A local authenticated user can exploit CVE-2019-18255 to modify system-wide iFIX configurations through section objects, potentially leading to privilege escalation.
Is there a fix available for CVE-2019-18255?
At the time of this writing, there is no known fix available for CVE-2019-18255. It is recommended to follow the suggestions provided in the referenced advisory to mitigate the risk.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/tags
- agent/last-modified-date
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ge
- canonical/ge ifix
- version/ge ifix/6.1
- vendor/ge digital
- canonical/ge digital hmi/scada ifix
- version/ge digital hmi/scada ifix/6.1