Filtered by vendor Ge
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user could possibly delete any file on the system. | |||||
| CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | |||||
| CVE-2022-3092 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-3084 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-38469 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | |||||
| CVE-2022-37953 | 1 Ge | 1 Workstationst | 2024-11-21 | N/A | 4.7 MEDIUM |
| An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2022-37952 | 1 Ge | 1 Workstationst | 2024-11-21 | N/A | 4.7 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2022-2952 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2948 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-2002 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A | 7.8 HIGH |
| GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | |||||
| CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicitiy | 2024-11-21 | 3.7 LOW | 7.5 HIGH |
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
| CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
| CVE-2021-44477 | 1 Ge | 1 Toolboxst | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | |||||
| CVE-2021-31477 | 1 Ge | 2 Reason Rpv311 Firmware, Rpv311 | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. | |||||
| CVE-2021-27454 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2021-27452 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2021-27448 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2021-27438 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||