All news with #cimplicity tag

GE Vernova CIMPLICITY: Uncontrolled Search Path Element Risk

⚠️ GE Vernova's CIMPLICITY HMI/SCADA software is affected by an Uncontrolled Search Path Element vulnerability (CVE-2025-7719) in versions 2024, 2023, 2022, and 11.0. CISA reports this flaw could enable a low-privileged local attacker to escalate privileges; a CVSS v4 score of 7.0 and a CVSS v3.1 score of 7.8 were calculated. The issue is not remotely exploitable and no public exploitation has been reported; GE Vernova recommends upgrading to CIMPLICITY 2024 SIM 4 and following the Secure Deployment Guide while CISA advises network isolation and secure remote access.