CVE-2019-6544

MEDIUM

GE Communicator < 4.0.517 - Unauthenticated Privilege Escalation via System Service

Title source: llm
STIX 2.1

Description

GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02

Scores

CVSS v3 5.6
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-284
Status published
Products (1)
ge/ge_communicator < 4.0.517
Published May 09, 2019
Tracked Since Feb 18, 2026