GE Releases New Version of Communicator

Thursday, July 13, 2017 @ 04:07 PM gHale


GE released version 4.0 of its Communicator software, which mitigates a heap-based buffer overflow, according to a report from ICS-CERT.

Communicator 3.15 and prior suffer from the remotely exploitable vulnerability, discovered by Kimiya, working with iDefense Labs (now part of Accenture Security). Communicator is an application for programming and monitoring supported metering devices.


Exploitation of the vulnerability could allow attackers to execute arbitrary code or create a denial-of-service condition.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

A malicious HTML file that loads the ActiveX controls could trigger the vulnerability via unchecked function calls.

CVE-2017-7908 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.6.

The product sees action in the critical manufacturing and energy sectors. It also sees use on a global basis.

Boston, MA-based GE recommends users update to the latest release, Version 4.0, to mitigate this vulnerability.


