GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e (ICSA-18-347-04) – Products Used in the Energy Sector
The NCCIC has released an advisory on a path traversal vulnerability in GE Mark Vle, EX2100e, EX200e_Reg, and LS2100e. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to access system data, which could result in escalation of privilege and unauthorized access to the controller. The path traversal vulnerability has been corrected by GE. GE recommends users upgrade to the current version of ControlST software as described in CSB25378.