Ge
Products
67- 14 CVEs
- 10 CVEs
- 8 CVEs
- 7 CVEs
- 6 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- View all 67 products →
Recent CVEs
80| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5788 | Cri | 0.65 | 10.0 | 0.02 | Nov 25, 2016 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | ||
| CVE-2018-10611 | Cri | 0.64 | 9.8 | 0.05 | Jun 4, 2018 | Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. | ||
| CVE-2017-14008 | Cri | 0.64 | 9.8 | 0.03 | Mar 20, 2018 | GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | ||
| CVE-2017-14006 | Cri | 0.64 | 9.8 | 0.02 | Mar 20, 2018 | GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the… | ||
| CVE-2017-14004 | Cri | 0.64 | 9.8 | 0.02 | Mar 20, 2018 | GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | ||
| CVE-2017-7905 | Cri | 0.64 | 9.8 | 0.01 | Jun 30, 2017 | A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware… | ||
| CVE-2016-2310 | Cri | 0.64 | 9.8 | 0.03 | Jun 9, 2016 | General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web… | ||
| CVE-2008-0174 | Cri | 0.64 | 9.8 | 0.02 | Jan 29, 2008 | GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||
| CVE-2016-0861 | Hig | 0.61 | 8.8 | 0.14 | Feb 5, 2016 | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | ||
| CVE-2018-10615 | Hig | 0.53 | 8.1 | 0.03 | Jun 4, 2018 | Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | ||
| CVE-2018-8867 | Hig | 0.49 | 7.5 | 0.03 | May 18, 2018 | In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could… | ||
| CVE-2018-6021 | Hig | 0.48 | 7.4 | 0.01 | May 9, 2018 | Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. | ||
| CVE-2016-0862 | Med | 0.46 | 6.5 | 0.10 | Feb 5, 2016 | General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | ||
| CVE-2017-12732 | Med | 0.44 | 6.8 | 0.01 | Oct 5, 2017 | A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | ||
| CVE-2016-9360 | Med | 0.44 | 6.7 | 0.00 | Feb 13, 2017 | An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if… | ||
| CVE-2018-6020 | Med | 0.42 | 6.5 | 0.01 | May 9, 2018 | In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. | ||
| CVE-2016-5787 | Med | 0.41 | 6.3 | 0.00 | Jul 15, 2016 | General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | ||
| CVE-2015-3976 | Med | 0.35 | 5.4 | 0.01 | Aug 28, 2017 | Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | ||
| CVE-2014-0750 | 0.09 | — | 0.70 | Jan 25, 2014 | Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP… | |||
| CVE-2012-2516 | 0.06 | — | 0.40 | Jul 5, 2012 | An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20… |
- risk 0.65cvss 10.0epss 0.02
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
- risk 0.64cvss 9.8epss 0.05
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
- risk 0.64cvss 9.8epss 0.03
GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
- risk 0.64cvss 9.8epss 0.02
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the…
- risk 0.64cvss 9.8epss 0.02
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.
- risk 0.64cvss 9.8epss 0.01
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware…
- risk 0.64cvss 9.8epss 0.03
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web…
- risk 0.64cvss 9.8epss 0.02
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
- risk 0.61cvss 8.8epss 0.14
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
- risk 0.53cvss 8.1epss 0.03
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
- risk 0.49cvss 7.5epss 0.03
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could…
- risk 0.48cvss 7.4epss 0.01
Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution.
- risk 0.46cvss 6.5epss 0.10
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
- risk 0.44cvss 6.8epss 0.01
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution.
- risk 0.44cvss 6.7epss 0.00
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if…
- risk 0.42cvss 6.5epss 0.01
In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.
- risk 0.41cvss 6.3epss 0.00
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
- CVE-2014-0750Jan 25, 2014risk 0.09cvss —epss 0.70
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP…
- CVE-2012-2516Jul 5, 2012risk 0.06cvss —epss 0.40
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20…