GE Digital APM Classic (ICSA-20-266-01) – Product Used in the Water and Wastewater and Energy Sectors
Created: Tuesday, September 22, 2020 - 18:06
Categories: Cybersecurity
CISA has published an advisory on authorization bypass through user-controlled key and use of a one-way hash without a salt vulnerabilities in GE Digital APM Classic. Versions 4.4 and prior are affected. Successful exploitation of these vulnerabilities could allow access to sensitive information. GE Digital APM Classic 4.5 contains mitigations for these vulnerabilities. GE Digital recommends all users upgrade to GE Digital APM Classic 4.5 or newer. CISA recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.