You are here

GE Profidy (ICSA-18-340-01) – Product Used in the Water and Wastewater and Energy Sectors

GE Profidy (ICSA-18-340-01) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, December 6, 2018 - 17:12
Categories:
Cyber Security

The NCCIC has released an advisory on an XXE vulnerability in GE Profidy. Cimplicity 9.0 R2, 9.5, and 10.0 are affected. Successful exploitation of this vulnerability could allow an attacker to initiate an OPC UA session and retrieve an arbitrary file. GE recommends users update to Version 2.1 or newer. The NCCIC also advises on a series of mitigating measures for this vulnerability. NCCIC/ICS-CERT.