CVE-2019-6544
MEDIUMGE Communicator < 4.0.517 - Unauthenticated Privilege Escalation via System Service
Title source: llmDescription
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
References (1)
Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02
Scores
CVSS v3
5.6
EPSS
0.0118
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-284
Status
published
Products (1)
ge/ge_communicator
< 4.0.517
Published
May 09, 2019
Tracked Since
Feb 18, 2026