OTPulse

GE Digital HMI/SCADA iFIX

Monitor · 6.1 · ICS-CERT ICSA-21-040-01 · Feb 9, 2021
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

GE iFIX HMI/SCADA versions 6.1 and earlier contain an improper file permissions vulnerability (CWE-732) that allows users with local workstation access and valid credentials to escalate privileges. The vulnerability does not support remote exploitation. Successful exploitation could allow an attacker to gain engineering-level control of the SCADA system and modify process configurations or setpoints.

What this means
What could happen
An attacker with local access and low-level user credentials could escalate their privileges on the HMI/SCADA system, potentially gaining engineering-level control to modify process parameters, alarm settings, or operational logic without proper authorization.
Who's at risk
This affects energy and manufacturing organizations running GE iFIX HMI/SCADA systems version 6.1 or earlier. The primary concern is sites where contractors, temporary staff, or operators have local workstation access, and where iFIX is used to manage critical process control (generation, distribution, or manufacturing automation).
How it could be exploited
An attacker with a user account on the iFIX system (e.g., a contractor or disgruntled employee with local workstation access) could exploit improper file permissions to escalate their privileges to administrator or engineering level, allowing them to modify SCADA configurations or process setpoints.
Prerequisites
  • Local access to a workstation running iFIX
  • Valid user account on the iFIX system (non-admin)
  • iFIX version 6.1 or earlier
local access required (not remotely exploitable) · user-level credentials required · no patch available for versions below 6.5 · affects SCADA/HMI systems · file permission misconfiguration (CWE-732)
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
HMI/SCADA iFIX | ≤ 6.1 | 6.5
Remediation & Mitigation
Do now
HARDENING: Restrict iFIX workstation access to authorized personnel only, following least privilege principles (disable remote access where not required, enforce login requirements)
WORKAROUND: Review and enforce NTFS file permissions on iFIX installation directories to prevent unauthorized privilege escalation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade iFIX to version 6.5 or later
HARDENING: Follow GE Digital's iFIX Secure Deployment Guide for baseline security configuration
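
The NTFS permission review in the WORKAROUND item above can be run as a read-only audit. The PowerShell below is an added example, not code from GE Digital or the advisory; `$InstallPath` is a placeholder for the site's iFIX installation directory, and the list of broad principals is an assumption to adjust to site policy.

```powershell
# Added example: report write-capable NTFS ACEs held by broad principals.
# $InstallPath is a placeholder (assumption): pass the site's actual iFIX directory.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath
)

# Broad built-in principals, keyed by well-known SID so localized names still match.
# This list is an assumption about what "too broad" means; adjust to site policy.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow replacing or altering files, or rewriting their ACL or owner.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in ACEs.
$genericMask = 0x50000000

$items = @(Get-Item -LiteralPath $InstallPath -ErrorAction Stop) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $broadSids.ContainsKey($sid)) { continue }
        $rights = [int]$rule.FileSystemRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) entries are the ones to correct at their own path.
$findings | Sort-Object Inherited, Path | Format-Table -AutoSize -Wrap
```

The script changes nothing on disk; an empty result means none of the listed principals holds write-capable access under the given path.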