CVE-2022-21798 is a vulnerability in GE Cimplicity
Published on February 25, 2022
ICSA-22-053-02 GE Proficy CIMPLICITY-Cleartext
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.
Vulnerability Analysis
Weakness Type
Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.
Products Associated with CVE-2022-21798
Want to know whenever a new CVE is published for GE Cimplicity? stack.watch will email you.
Affected Versions
General Electric Proficy CIMPLICITY Version all is affected by CVE-2022-21798Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.