GE released version 4.0 of its Communicator software, which mitigates a heap-based buffer overflow, according to a report from ICS-CERT.

Communicator 3.15 and prior suffer from the remotely exploitable vulnerability, discovered by Kimiya, working with iDefense Labs (now part of Accenture Security). Communicator is an application for programming and monitoring supported metering devices.

Exploitation of the vulnerability could allow attackers to execute arbitrary code or create a denial-of-service condition.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

A malicious HTML file that loads the ActiveX controls could trigger the vulnerabilities via unchecked function calls.

CVE-2017-7908 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

The product sees action in the critical manufacturing and energy sectors. It also sees use on a global basis.

Boston, MA-based GE recommends users update to the latest release, Version 4.0, to mitigate this vulnerability.
