Filtered by vendor Ge
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2022-37953 | 1 Ge | 1 Workstationst | 2022-08-29 | N/A | 6.1 MEDIUM |
| An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2022-37952 | 1 Ge | 1 Workstationst | 2022-08-29 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | |||||
| CVE-2021-27438 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2022-07-29 | 6.5 MEDIUM | 8.8 HIGH |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2018-5473 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2022-04-19 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. | |||||
| CVE-2021-44477 | 1 Ge | 1 Toolboxst | 2022-04-04 | 5.0 MEDIUM | 7.5 HIGH |
| GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | |||||
| CVE-2021-27418 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. | |||||
| CVE-2021-27420 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels. | |||||
| CVE-2021-27424 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information. | |||||
| CVE-2021-27426 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | |||||
| CVE-2021-27428 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2022-04-01 | 7.5 HIGH | 9.8 CRITICAL |
| GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. | |||||
| CVE-2021-27430 | 1 Ge | 1 Ur Bootloader Binary | 2022-03-31 | 4.6 MEDIUM | 6.8 MEDIUM |
| GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. | |||||
| CVE-2020-25197 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2022-03-28 | 9.0 HIGH | 8.8 HIGH |
| A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | |||||
| CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2022-03-08 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | |||||
| CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicitiy | 2022-03-08 | 3.7 LOW | 7.8 HIGH |
| Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2022-02-03 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||
| CVE-2016-9360 | 1 Ge | 3 Cimplicity, Historian, Ifix | 2022-02-03 | 4.4 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. | |||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2021-11-22 | 4.0 MEDIUM | 7.2 HIGH |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | |||||
| CVE-2021-31477 | 1 Ge | 2 Reason Rpv311 Firmware, Rpv311 | 2021-06-24 | 7.5 HIGH | 7.3 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852. | |||||
| CVE-2021-27454 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2021-03-30 | 4.6 MEDIUM | 7.8 HIGH |
| The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||