Filtered by vendor Ge
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24116 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 9.8 CRITICAL |
| Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-24118 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 9.1 CRITICAL |
| Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. | |||||
| CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 4.6 MEDIUM |
| Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-24117 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 9.8 CRITICAL |
| Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6. | |||||
| CVE-2022-24119 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | N/A | 9.8 CRITICAL |
| Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. | |||||
| CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | N/A | 7.5 HIGH |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | |||||
| CVE-2022-43976 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | N/A | 9.8 CRITICAL |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. | |||||
| CVE-2022-43977 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-04 | N/A | 9.8 CRITICAL |
| An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. | |||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.1 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | |||||
| CVE-2022-2825 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | N/A | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411. | |||||
| CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2025-01-17 | N/A | 9.8 CRITICAL |
| Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | |||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2024-02-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | |||||
| CVE-2023-5908 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2023-12-06 | N/A | 9.1 CRITICAL |
| KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | |||||
| CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2023-12-06 | N/A | 7.5 HIGH |
| KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | |||||
| CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2023-11-14 | N/A | 7.3 HIGH |
| General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | |||||
| CVE-2023-0754 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | |||||
| CVE-2023-0755 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | |||||
| CVE-2023-0598 | 1 Ge | 1 Ifix | 2023-11-07 | N/A | 9.8 CRITICAL |
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | |||||
| CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2023-11-07 | N/A | 8.1 HIGH |
| An unauthorized user could possibly delete any file on the system. | |||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2023-11-07 | N/A | 6.5 MEDIUM |
| An unauthorized user could alter or write files with full control over the path and content of the file. | |||||