Filtered by vendor Ge
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2023-11-07 | N/A | 6.5 MEDIUM |
| An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | |||||
| CVE-2022-38469 | 1 Ge | 1 Proficy Historian | 2023-11-07 | N/A | 7.5 HIGH |
| An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | |||||
| CVE-2022-3084 | 1 Ge | 1 Cimplicity | 2023-11-07 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3092 | 1 Ge | 1 Cimplicity | 2023-11-07 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2952 | 1 Ge | 1 Cimplicity | 2023-11-07 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2948 | 1 Ge | 1 Cimplicity | 2023-11-07 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2002 | 1 Ge | 1 Cimplicity | 2023-11-07 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2020-36549 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. | |||||
| CVE-2020-36547 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | |||||
| CVE-2020-36548 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host. | |||||
| CVE-2023-3463 | 1 Ge | 1 Cimplicity | 2023-07-28 | N/A | 9.8 CRITICAL |
| All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. | |||||
| CVE-2021-27452 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2023-05-05 | 7.2 HIGH | 7.8 HIGH |
| The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2023-1552 | 1 Ge | 1 Toolboxst | 2023-04-20 | N/A | 7.8 HIGH |
| ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. | |||||
| CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2023-01-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | |||||
| CVE-2019-6564 | 1 Ge | 1 Ge Communicator | 2023-01-31 | 6.9 MEDIUM | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | |||||
| CVE-2019-6548 | 1 Ge | 1 Ge Communicator | 2022-11-30 | 6.8 MEDIUM | 9.8 CRITICAL |
| GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-6546 | 1 Ge | 1 Ge Communicator | 2022-11-30 | 6.8 MEDIUM | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | |||||
| CVE-2021-27422 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-10-24 | 5.0 MEDIUM | 7.5 HIGH |
| GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication. | |||||
| CVE-2020-25193 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2022-10-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | |||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||