{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-46331", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An unauthorized user could possibly delete any file on the system." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284 Improper Access Control", "cweId": "CWE-284" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "GE Digital ", "product": { "product_data": [ { "product_name": "Proficy Historian", "version": { "version_data": [ { "version_value": "7.0", "version_affected": "=" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01", "refsource": "MISC", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01" }, { "url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01", "refsource": "MISC", "name": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "EXTERNAL" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nGE Digital released Proficy Historian 2023 to mitigate these vulnerabilities.  SIMs have also been released for all affected versions.

Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital.  

" } ], "value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n" } ], "credits": [ { "lang": "en", "value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0" } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } ] } }