{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2022-46660", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "An unauthorized user could alter or write files with full control over the path and content of the file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "GE Digital ", "product": { "product_data": [ { "product_name": "Proficy Historian", "version": { "version_data": [ { "version_value": "7.0", "version_affected": "=" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01", "refsource": "MISC", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01" }, { "url": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01", "refsource": "MISC", "name": "https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "source": { "discovery": "EXTERNAL" }, "solution": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\nGE Digital released Proficy Historian 2023 to mitigate these vulnerabilities. SIMs have also been released for all affected versions.
Users can find out more about the vulnerabilities, and how to obtain and install the updates, by visiting this notification document from GE Digital.
" } ], "value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions. Users can find out more about the vulnerabilities, and how to obtain and install the updates, by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n" } ], "credits": [ { "lang": "en", "value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0" } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } ] } }