What is CVE-2023-1552?

CVE-2023-1552 is a deserialization vulnerability affecting ToolboxST prior to version 7.10.

How does CVE-2023-1552 impact the affected software?

CVE-2023-1552 allows an attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator to execute code in a Toolbox user's context through the deserialization of an untrusted configuration.

What is the severity of CVE-2023-1552?

The severity of CVE-2023-1552 is high with a CVSS score of 7.8.

How can CVE-2023-1552 be fixed?

To fix CVE-2023-1552, update ToolboxST to version 7.10 or above.

Where can I find more information about CVE-2023-1552?

You can find more information about CVE-2023-1552 in the reference provided by GE: [Link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf).

Vulnerability/
CVE-2023-1552

high

7.8

CWE

502

11/4/2023

2/8/2024

CVE-2023-1552: ToolboxST Deserialization of Untrusted Configuration Data

First published: Tue Apr 11 2023(Updated: )

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user.

Credit: GEPowerCVD@ge.com

Affected Software	Affected Version	How to fix
Ge Toolboxst	<7.10

Remedy

Update to ToolboxST version >=7.10 (available in ControlST >=7.10)

Never miss a vulnerability like this again

Reference Links

https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf

Frequently Asked Questions

What is CVE-2023-1552?
CVE-2023-1552 is a deserialization vulnerability affecting ToolboxST prior to version 7.10.
How does CVE-2023-1552 impact the affected software?
CVE-2023-1552 allows an attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator to execute code in a Toolbox user's context through the deserialization of an untrusted configuration.
What is the severity of CVE-2023-1552?
The severity of CVE-2023-1552 is high with a CVSS score of 7.8.
How can CVE-2023-1552 be fixed?
To fix CVE-2023-1552, update ToolboxST to version 7.10 or above.
Where can I find more information about CVE-2023-1552?
You can find more information about CVE-2023-1552 in the reference provided by GE: [Link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2023-03-23_ToolboxST_Deserialization_of_Untrusted_Configuration_Data.pdf).

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/references
agent/severity
agent/last-modified-date
agent/author
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/ge
canonical/ge toolboxst

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.