Filtered by vendor Ge
Subscribe
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27450 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2021-03-29 | 4.6 MEDIUM | 7.8 HIGH |
| SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2016-2310 | 1 Ge | 8 Multilink Firmware, Multilink Ml1200, Multilink Ml1600 and 5 more | 2021-03-29 | 10.0 HIGH | 9.8 CRITICAL |
| General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. | |||||
| CVE-2021-27448 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2021-03-29 | 4.6 MEDIUM | 7.8 HIGH |
| A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2019-18255 | 1 Ge | 1 Ifix | 2021-02-24 | 2.1 LOW | 5.5 MEDIUM |
| HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation. | |||||
| CVE-2019-18243 | 1 Ge | 1 Ifix | 2021-02-24 | 2.1 LOW | 5.5 MEDIUM |
| HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation. | |||||
| CVE-2020-27265 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. | |||||
| CVE-2020-27267 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-16246 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2020-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | |||||
| CVE-2019-6566 | 1 Ge | 1 Ge Communicator | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | |||||
| CVE-2019-6544 | 1 Ge | 1 Ge Communicator | 2020-10-16 | 6.8 MEDIUM | 5.6 MEDIUM |
| GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. | |||||
| CVE-2019-13554 | 1 Ge | 1 Mark Vie Control System | 2020-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. GE recommends that users disable the Telnet service. | |||||
| CVE-2020-16240 | 1 Ge | 1 Asset Performance Management Classic | 2020-10-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges. | |||||
| CVE-2019-10966 | 1 Ge | 8 Aespire 7100, Aespire 7100 Firmware, Aespire 7900 and 5 more | 2020-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | |||||
| CVE-2018-5475 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. | |||||
| CVE-2020-12017 | 1 Ge | 6 Rt430, Rt430 Firmware, Rt431 and 3 more | 2020-06-08 | 9.0 HIGH | 9.8 CRITICAL |
| GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system. | |||||
| CVE-2020-6992 | 1 Ge | 1 Cimplicity | 2020-04-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. If exploited, this vulnerability could allow an adversary to modify the system, leading to the arbitrary execution of code. This vulnerability is only exploitable if an attacker has access to an authenticated session. GE Digital CIMPLICITY v11.0, released January 2020, contains mitigation for this local privilege escalation vulnerability. GE Digital recommends all users upgrade to GE CIMPLICITY v11.0 or newer. | |||||
| CVE-2019-13559 | 1 Ge | 1 Mark Vie Controll System | 2020-04-08 | 7.2 HIGH | 7.8 HIGH |
| GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment. | |||||
| CVE-2020-6977 | 1 Ge | 32 Invenia Abus Scan Station, Invenia Abus Scan Station Firmware, Logiq E10 and 29 more | 2020-03-05 | 7.2 HIGH | 6.8 MEDIUM |
| A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 | |||||
| CVE-2012-6663 | 1 Ge | 4 D200, D200 Firmware, D20me and 1 more | 2020-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| General Electric D20ME devices are not properly configured and reveal plaintext passwords. | |||||