CVE-2019-6546

HIGH

GE Communicator < 4.0.517 - Uncontrolled Search Path Element

Title source: llm
STIX 2.1

Description

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.

References (1)

Core 1
Core References
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02

Scores

CVSS v3 7.8
EPSS 0.0083
EPSS Percentile 52.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-427
Status published
Products (1)
ge/ge_communicator < 4.0.517
Published May 09, 2019
Tracked Since Feb 18, 2026