GE CIMPLICITY (ICSA-17-278-01) – Product Used in the Water and Wastewater and Energy Sectors – Updated October 10, 2017

October 12, 2017
ICS-CERT has updated this advisory with mitigation details. ICS-CERT.

October 5, 2017
ICS-CERT has released an advisory on a GE CIMPLICITY vulnerability. Versions 9.0 and prior are affected. Successful exploitation of this vulnerability could cause the device that the attacker is accessing to crash; a buffer overflow condition may allow arbitrary remote code execution. GE has released CIMPLICITY software Version 9.5 and recommends users update to that or the latest version. ICS-CERT.