critical
9.8
CWE
122 119 20 416 787
Advisory Published
Updated

CVE-2023-3463: GE Digital CIMPLICITY Heap-based Buffer Overflow

First published: Wed Jul 19 2023(Updated: )

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

Credit: ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
GE CIMPLICITY
GE Digital CIMPLICITY

Remedy

To obtain the latest versions of GE CIMPLICITY, contact your local GE Digital representative at https://digitalsupport.ge.com/s/contactsupport https://digitalsupport.ge.com/s/contactsupport . Exploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential. GE Digital and customers have a shared responsibility for security and users are required to adhere to the most recent Secure Deployment Guide (SDG) instructions https://digitalsupport.ge.com/s/article/CIMPLICITY-Secure-Deployment-Guide2 . Please refer to GE Digital’s security bulletin https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Memory-Corruption-Vulnerability  for more information.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2023-3463?

    CVE-2023-3463 is a vulnerability found in all versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources.

  • What is the severity of CVE-2023-3463?

    The severity of CVE-2023-3463 is critical with a CVSS score of 9.8.

  • How does CVE-2023-3463 affect GE CIMPLICITY?

    CVE-2023-3463 affects all versions of GE CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources.

  • What are the potential issues caused by CVE-2023-3463?

    CVE-2023-3463 can lead to memory corruption issues, including out-of-bounds reads and writes, use-after-free, and stack-based buffer overflow.

  • Is there a fix for CVE-2023-3463?

    To fix CVE-2023-3463, it is recommended to follow the SDG guidance and ensure that GE CIMPLICITY does not accept documents from untrusted sources.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203