CVE-2023-0898 MEDIUM

CVE-2023-0898: Uncontrolled Search Path Element in GE MiCOM S1 Agile

Vendor General Electric
Product MiCOM S1 Agile
Weakness CWE-427
Published November 7, 2023
Last update January 16, 2025

CVSS base score

5.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

Key dates

02Disclosure timeline

November 7, 2023 CVE published
January 16, 2025 Record updated