The NCCIC has released an advisory on an unsafe for ActiveX control marked safe for scripting vulnerability in GE iFix. GE iFix 2.0 to 5.0, 5.1, 5.5, and 5.8 are affected. Successful exploitation of this vulnerability could cause a buffer overflow condition. GE released iFIX 5.9 in June 2017 to address this issue by incorporating Gigasoft Version 8.0. Additionally, GE recommends users only use ActiveX from trusted sources. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
You are here
Related Resources
Jul 25, 2024 in Cybersecurity, in OT-ICS Security, in Federal & State Resources
Jul 25, 2024 in Cybersecurity, in Security Preparedness
Jul 25, 2024 in Cybersecurity, in Security Preparedness
