CVE-2023-3463
Last modified
CVE-2023-3463 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. . EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ge | Cimplicity | All versions |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06Third Party Advisory, US Government Resource
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-06Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-3463?
How severe is CVE-2023-3463?
How do I fix CVE-2023-3463?
Are you affected by CVE-2023-3463?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST