Vulnerability Details : CVE-2018-17925
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted.
Products affected by CVE-2018-17925
- cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-17925
- 0.06%: probability of exploitation activity in the next 30 days
- ~ 14%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-17925
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
4.8 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 1.3 | 3.4 | NIST | |
CWE ids for CVE-2018-17925
- An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. Assigned by: ics-cert@hq.dhs.gov (Secondary)
References for CVE-2018-17925
- https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01
  GE iFix | CISA (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/105540
  General Electric iFix CVE-2018-17925 Unspecified Local Security Vulnerability (Third Party Advisory; VDB Entry)