The NCCIC has released an advisory on an unsafe for ActiveX control marked safe for scripting vulnerability in GE iFix. GE iFix 2.0 to 5.0, 5.1, 5.5, and 5.8 are affected. Successful exploitation of this vulnerability could cause a buffer overflow condition. GE released iFIX 5.9 in June 2017 to address this issue by incorporating Gigasoft Version 8.0. Additionally, GE recommends users only use ActiveX from trusted sources. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
You are here
Related Resources
Dec 12, 2024 in Cybersecurity, in Federal & State Resources, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Dec 12, 2024 in Cybersecurity, in OT-ICS Security, in Federal & State Resources
