CVE-2019-6544
Last modified
CVE-2019-6544 is a medium-severity vulnerability rated 5.6/10 on the CVSS scale. GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.. EPSS estimates a 1.18% chance of exploitation in the next 30 days.
Description
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ge | Ge Communicator | < 4.0.517 |
References
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02Mitigation, Third Party Advisory, US Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-6544?
How severe is CVE-2019-6544?
How do I fix CVE-2019-6544?
Are you affected by CVE-2019-6544?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST