Vulnerability Management, Security Program Controls/Technologies, Endpoint/Device Security

Similarities between newly patched GE Cimplicity flaws, Sandworm attacks observed

SecurityWeek reports that several recently addressed memory corruption vulnerabilities in the GE Cimplicity human-machine interface and supervisory control and data acquisition system, tracked as CVE-2023-3463, were noted by cybersecurity researcher Michael Heinzl, who discovered the bugs, to be similar to those exploited in attacks by the Russian state-sponsored threat operation Sandworm nearly a decade ago. Attackers could leverage the 14 flaws to facilitate arbitrary code execution in all Cimplicity versions in their default configurations through the use of a specially crafted .cim project, said Heinzl. The Sandworm group has been reported by Trend Micro and the Cybersecurity and Infrastructure Security Agency to have leveraged a similar flaw, tracked as CVE-2014-0751, to facilitate attacks in 2014 and 2021, with the more recent intrusion used for BlackEnergy malware deployment. However, GE noted that special conditions have to be met in successfully leveraging the recently patched flaw. "Exploit is only possible if an authenticated user with local access to the system obtains and opens a document from a malicious source so secure deployment and strong access management by users is essential," said GE.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.