CVE-2023-0898: Uncontrolled Search Path Element in GE MiCOM S1 Agile
First published: Tue Nov 07 2023(Updated: )
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ge Micom S1 Agile |
Remedy
General Electric has released an update that resolves this vulnerability. No action is required by the customer. For more information, see General Electric's Security Advisory https://www.gegridsolutions.com/app/viewfiles.aspx .
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-0898?
CVE-2023-0898 is a vulnerability in General Electric MiCOM S1 Agile that allows an attacker to achieve code execution by placing malicious DLL files in the application directory.
How severe is CVE-2023-0898?
CVE-2023-0898 has a severity rating of 7.3 (high).
How does CVE-2023-0898 affect GE MiCOM S1 Agile?
CVE-2023-0898 affects GE MiCOM S1 Agile by allowing an attacker to achieve code execution through malicious DLL files placed in the application directory.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-0898?
The Common Weakness Enumeration (CWE) ID for CVE-2023-0898 is 427.
How can I fix CVE-2023-0898 in GE MiCOM S1 Agile?
To fix CVE-2023-0898 in GE MiCOM S1 Agile, apply the necessary patches or updates provided by General Electric and ensure that no unauthorized DLL files are present in the application directory.
- collector/nvd-api
- agent/title
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ge
- canonical/ge micom s1 agile