"Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption"

Security researchers at Claroty have discovered vulnerabilities in GE's Proficy Historian product that hackers could exploit for espionage and to cause damage and disruption in industrial environments. The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations about these vulnerabilities on Tuesday. According to the researchers, historian servers are designed to collect data from industrial control systems (ICS) to help organizations monitor and improve their processes. CISA noted that the role and network position of historian servers can make them a tempting target for threat actors looking to cause disruption or gain further access into a compromised network. The researchers discovered five critical and high-severity vulnerabilities in the widely used GE Digital Proficy Historian product. The flaws include authentication bypass, arbitrary file upload, information disclosure, and file removal issues. GE patched the vulnerabilities with the release of Proficy Historian 2023. The researchers demonstrated how an attacker could chain two of these vulnerabilities, an authentication bypass tracked as CVE-2022-46732 and a remote code execution bug tracked as CVE-2022-46660, to achieve pre-authentication remote code execution on the Proficy Historian server.

 

SecurityWeek reports: "Hackers Can Exploit GE Historian Vulnerabilities for ICS Espionage, Disruption"
