OTPulse

GE Communicator

Monitor · 7.6 · ICS-CERT ICSA-18-275-02 · Oct 2, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required

Summary

GE Communicator versions 3.15 and earlier include a vulnerable version of third-party library Gigasoft (v5 and prior) that contains a buffer overflow or memory corruption vulnerability (CWE-122). Exploitation could allow an attacker to execute arbitrary code on the Communicator host or cause a denial-of-service condition by crashing the application. The vulnerability is remotely exploitable and requires no authentication, though user interaction (such as opening a file or clicking a link) may be involved depending on the specific attack vector. No known public exploits currently target this vulnerability.

What this means
What could happen
An attacker could execute arbitrary code on the Communicator host or cause the application to crash, disrupting access to grid operations data and control capabilities at generation, transmission, or distribution facilities.
Who's at risk
Energy and oil/gas operations that use GE Communicator for grid management, power plant monitoring, or control system access. This includes generation facilities, transmission operators, distribution utilities, and refineries that rely on Communicator for SCADA data visualization and command interface.
How it could be exploited
An attacker with network access to the Communicator application (typically on a corporate or engineering network) could send a malformed request or file to the embedded Gigasoft component, triggering a buffer overflow or memory corruption that allows arbitrary code execution. Alternatively, the attacker could trigger a crash to deny service to operators monitoring grid systems.
Prerequisites
  • Network access to the Communicator application (port and protocol depend on deployment)
  • User interaction may be required (user must open a crafted file or visit a malicious URL, depending on attack vector)
  • Communicator version 3.15 or earlier running embedded Gigasoft v5 or prior
remotely exploitable · no authentication required · low complexity · high impact (arbitrary code execution or denial of service) · affects energy critical infrastructure
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product: Third party product Gigasoft: v5 and prior included in Communicator 3.15 and prior
Affected Versions: ≤ 5
Fix Status: No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Isolate Communicator systems from the Internet and place behind firewalls; restrict network access to authorized engineering workstations and control network devices only
  • HARDENING: If remote access to Communicator is required, use a VPN connection and ensure the VPN client and gateway are patched to current versions
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update GE Communicator to version 4.0 or later