Filtered by vendor Ge
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10615 | 1 Ge | 1 Mds Pulsenet | 2023-12-10 | 6.5 MEDIUM | 8.1 HIGH |
| Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | |||||
| CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2018-10611 | 1 Ge | 1 Mds Pulsenet | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. | |||||
| CVE-2018-10613 | 1 Ge | 1 Mds Pulsenet | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | |||||
| CVE-2017-14008 | 1 Ge | 1 Centricity Pacs Ra1000 | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2017-14006 | 1 Ge | 1 Xeleris | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2018-5475 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2017-14004 | 1 Ge | 1 Gemnet License Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
| CVE-2018-5473 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. | |||||
| CVE-2018-8867 | 1 Ge | 16 Pacsystems Cpu320, Pacsystems Cpu320 Firmware, Pacsystems Cru320 and 13 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | |||||
| CVE-2017-7905 | 1 Ge | 20 Multilin Sr 369 Motor Protection Relay, Multilin Sr 369 Motor Protection Relay Firmware, Multilin Sr 469 Motor Protection Relay and 17 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. | |||||
| CVE-2017-12732 | 1 Ge | 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
| A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | |||||
| CVE-2015-3976 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||||
| CVE-2016-9360 | 1 Ge | 3 Cimplicity, Historian, Ifix | 2023-12-10 | 4.4 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | |||||
| CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
| General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | |||||
| CVE-2016-0862 | 1 Ge | 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | |||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
| CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2015-6456 | 1 Ge | 1 Mds Pulsenet | 2023-12-10 | 9.0 HIGH | N/A |
| GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2023-12-10 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||