You are here

GE iFix (ICSA-18-282-01)

GE iFix (ICSA-18-282-01)

Created: Thursday, October 11, 2018 - 18:15
Categories:
Cybersecurity

The NCCIC has released an advisory on an unsafe for ActiveX control marked safe for scripting vulnerability in GE iFix. GE iFix 2.0 to 5.0, 5.1, 5.5, and 5.8 are affected. Successful exploitation of this vulnerability could cause a buffer overflow condition. GE released iFIX 5.9 in June 2017 to address this issue by incorporating Gigasoft Version 8.0. Additionally, GE recommends users only use ActiveX from trusted sources. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.