Security Issue: CERT Reported Vulnerabilities in iFIX Security ka21A000000HYJGQA4 | GE Customer Center

Security Issue: CERT Reported Vulnerabilities in iFIX Security

Description

CERT has reported vulnerabilities in iFIX (versions PDE, 2.0, 2.2, 2.21, 2.5, 2.6, 3.0, 3.5, 4.0, 4.5, and 5.0). The vulnerabilities involve iFIX security, and can be exploited when it is used and an attacker has direct or network access to a HMI/SCADA or VIEW node. The consequence of a successful exploit is that an attacker will have elevated privilege to the HMI/SCADA node.

Resolution

Please review the attached document for further information on these vulnerabilities and mitigating steps.