You are here

GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector

GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector

Created: Tuesday, December 18, 2018 - 10:54
Categories:
Cybersecurity

The NCCIC has released an advisory on a path traversal vulnerability in GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. The path traversal vulnerability has been corrected by GE. GE recommends users upgrade to the current version of ControlST software as described in CSB25378. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.