CISA has published an advisory on an improper privilege management vulnerability in GE Digital CIMPLICITY. Versions 10.0 and prior are affected. Successful exploitation of this vulnerability could allow an adversary to modify the systemwide CIMPLICITY configuration, leading to the arbitrary execution of code. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.