Filtered by vendor Ge
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27265 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. | |||||
| CVE-2019-18243 | 1 Ge | 1 Ifix | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. | |||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2023-12-10 | 4.0 MEDIUM | 7.2 HIGH |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | |||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
| A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. | |||||
| CVE-2019-13559 | 1 Ge | 1 Mark Vie Controll System | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | |||||
| CVE-2020-12017 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2023-12-10 | 9.0 HIGH | 9.8 CRITICAL |
| GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. | |||||
| CVE-2019-13554 | 1 Ge | 1 Mark Vie Control System | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service. | |||||
| CVE-2019-18267 | 1 Ge | 4 S2020, S2020 Firmware, S2020g and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution. | |||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | |||||
| CVE-2020-6977 | 1 Ge | 32 Invenia Abus Scan Station, Invenia Abus Scan Station Firmware, Logiq E10 and 29 more | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
| A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 | |||||
| CVE-2019-10966 | 1 Ge | 8 Aespire 7100, Aespire 7100 Firmware, Aespire 7900 and 5 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | |||||
| CVE-2019-6544 | 1 Ge | 1 Ge Communicator | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
| GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-6564 | 1 Ge | 1 Ge Communicator | 2023-12-10 | 6.9 MEDIUM | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | |||||
| CVE-2019-6566 | 1 Ge | 1 Ge Communicator | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | |||||
| CVE-2019-6548 | 1 Ge | 1 Ge Communicator | 2023-12-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-6546 | 1 Ge | 1 Ge Communicator | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | |||||
| CVE-2018-15362 | 1 Ge | 1 Cimplicity | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | |||||
| CVE-2017-7908 | 2 Ge, Gigasoft | 2 Ge Communicator, Proessentials | 2023-12-10 | 6.8 MEDIUM | 7.6 HIGH |
| A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls. | |||||
| CVE-2018-17925 | 1 Ge | 1 Ifix | 2023-12-10 | 4.4 MEDIUM | 4.8 MEDIUM |
| Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. | |||||
| CVE-2018-19003 | 1 Ge | 6 Ex2100e, Ex2100e Firmware, Ls2100e and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. | |||||