Filtered by vendor Ge
Total: 128 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43976 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. | |||||
CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2023-12-10 | N/A | 9.8 CRITICAL |
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | |||||
CVE-2022-24119 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-12-10 | N/A | 9.8 CRITICAL |
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. | |||||
CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2023-12-10 | N/A | 6.5 MEDIUM |
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | |||||
CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2023-12-10 | N/A | 6.5 MEDIUM |
An unauthorized user could alter or write files with full control over the path and content of the file. | |||||
CVE-2022-3084 | 1 Ge | 1 Cimplicity | 2023-12-10 | N/A | 7.8 HIGH |
GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | |||||
CVE-2022-2948 | 1 Ge | 1 Cimplicity | 2023-12-10 | N/A | 7.8 HIGH |
GE CIMPLICITY versions 2022 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
CVE-2022-2952 | 1 Ge | 1 Cimplicity | 2023-12-10 | N/A | 7.8 HIGH |
GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
CVE-2022-24120 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2023-12-10 | N/A | 4.6 MEDIUM |
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. | |||||
CVE-2022-2002 | 1 Ge | 1 Cimplicity | 2023-12-10 | N/A | 7.8 HIGH |
GE CIMPLICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
CVE-2022-37952 | 1 Ge | 1 Workstationst | 2023-12-10 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
CVE-2022-37953 | 1 Ge | 1 Workstationst | 2023-12-10 | N/A | 6.1 MEDIUM |
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
CVE-2020-36547 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which introduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. | |||||
CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicitiy | 2023-12-10 | 3.7 LOW | 7.8 HIGH |
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
CVE-2021-27418 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
GE UR firmware versions prior to version 8.1x support a web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, the UR firmware web server does not perform HTML encoding of user-supplied strings. | |||||
CVE-2021-27420 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In GE UR firmware versions prior to version 8.1x, the web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. | |||||
CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
GE UR firmware versions prior to version 8.1x share the MODBUS memory map as part of the communications guide. GE was made aware that a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | |||||
CVE-2021-44477 | 1 Ge | 1 Toolboxst | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | |||||
CVE-2020-25197 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. |