CVE-2023-3463 MEDIUM

CVE-2023-3463: GE Digital CIMPLICITY Heap-based Buffer Overflow

Vendor GE Digital
Product CIMPLICITY
Weakness CWE-122
Published July 19, 2023
Last update October 21, 2024

CVSS base score

6.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01 Description

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

Key dates

02 Disclosure timeline

July 19, 2023 CVE published
October 21, 2024 Record updated