Filtered by vendor Ge Subscriptions
Total 128 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-37952 1 Ge 1 Workstationst 2024-11-21 4.7 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
CVE-2022-2952 1 Ge 1 Cimplicity 2024-11-21 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVE-2022-2948 1 Ge 1 Cimplicity 2024-11-21 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2022-2848 4 Ge, Ptc, Rockwellautomation and 1 more 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more 2024-11-21 9.1 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.
CVE-2022-2825 4 Ge, Ptc, Rockwellautomation and 1 more 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more 2024-11-21 9.8 Critical
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.
CVE-2022-2002 1 Ge 1 Cimplicity 2024-11-21 7.8 High
GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVE-2022-24120 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 4.6 Medium
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
CVE-2022-24119 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 9.8 Critical
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
CVE-2022-24118 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 9.1 Critical
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVE-2022-24117 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 9.8 Critical
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVE-2022-24116 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2024-11-21 9.8 Critical
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
CVE-2022-23921 1 Ge 1 Proficy Cimplicitiy 2024-11-21 7.5 High
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.
CVE-2022-21798 1 Ge 1 Cimplicity 2024-11-21 7.5 High
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.
CVE-2021-44477 1 Ge 1 Toolboxst 2024-11-21 7.5 High
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.
CVE-2021-31477 1 Ge 2 Reason Rpv311 Firmware, Rpv311 2024-11-21 7.3 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.
CVE-2021-27454 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 7.8 High
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
CVE-2021-27452 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27450 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
SSH server configuration file does not implement some best practices. This could lead to a weakening of the SSH protocol strength, which could lead to additional misconfiguration or be leveraged as part of a larger attack on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27448 1 Ge 2 Mu320e, Mu320e Firmware 2024-11-21 7.8 High
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
CVE-2021-27440 1 Ge 2 Reason Dr60, Reason Dr60 Firmware 2024-11-21 9.8 Critical
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).