CVE-2019-6544

low-risk
Published 2019-05-09

GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.

Do I need to act?

-
0.35% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.6/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Ge Communicator

Affected Vendors

Ge

References (2)

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal