VYPR

Vendor CVEs

Ge

All CVEs

80 total · sorted by risk
  • CVE-2020-6977Feb 20, 2020
    risk 0.00cvss epss 0.00

    A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include…

  • CVE-2019-13524Jan 16, 2020
    risk 0.00cvss epss 0.02

    GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a…

  • CVE-2019-18267Dec 18, 2019
    risk 0.00cvss epss 0.02

    An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a…

  • CVE-2019-10966Jul 10, 2019
    risk 0.00cvss epss 0.01

    In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.

  • CVE-2018-19003Dec 14, 2018
    risk 0.00cvss epss 0.03

    GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal…

  • CVE-2018-15362Dec 7, 2018
    risk 0.00cvss epss 0.03

    XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0

  • CVE-2018-17925Oct 10, 2018
    risk 0.00cvss epss 0.00

    Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX…

  • CVE-2015-6459Sep 18, 2015
    risk 0.00cvss epss 0.03

    Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

  • CVE-2015-6456Sep 18, 2015
    risk 0.00cvss epss 0.04

    GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password.

  • CVE-2014-5409Mar 14, 2015
    risk 0.00cvss epss 0.03

    The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.

  • CVE-2014-9203Feb 7, 2015
    risk 0.00cvss epss 0.02

    Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM…

  • CVE-2014-5419Jan 17, 2015
    risk 0.00cvss epss 0.02

    GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote…

  • CVE-2014-5418Jan 17, 2015
    risk 0.00cvss epss 0.03

    GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.

  • CVE-2014-2355Jan 17, 2015
    risk 0.00cvss epss 0.01

    The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.

  • CVE-2014-0751Jan 25, 2014
    risk 0.00cvss epss 0.03

    The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any…

  • CVE-2013-2823Nov 22, 2013
    risk 0.00cvss epss 0.01

    The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate…

  • CVE-2013-2811Nov 22, 2013
    risk 0.00cvss epss 0.02

    The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to…

  • CVE-2013-2785Jul 31, 2013
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary…

  • CVE-2013-0654Jan 27, 2013
    risk 0.00cvss epss 0.03

    CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.

  • CVE-2013-0652Jan 27, 2013
    risk 0.00cvss epss 0.02

    GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.

  • CVE-2013-0651Jan 27, 2013
    risk 0.00cvss epss 0.01

    The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via…

  • CVE-2012-4689Jan 17, 2013
    risk 0.00cvss epss 0.01

    Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

  • CVE-2012-3026Nov 1, 2012
    risk 0.00cvss epss 0.05

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…

  • CVE-2012-3021Nov 1, 2012
    risk 0.00cvss epss 0.05

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…

  • CVE-2012-3010Nov 1, 2012
    risk 0.00cvss epss 0.05

    rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…

  • CVE-2012-0232Mar 15, 2012
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.

  • CVE-2012-0229Mar 15, 2012
    risk 0.00cvss epss 0.05

    The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2)…

  • CVE-2011-3320Nov 2, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2011-1919Nov 2, 2011
    risk 0.00cvss epss 0.05

    Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1)…

  • CVE-2009-0216Feb 13, 2009
    risk 0.00cvss epss 0.03

    GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified…

Page 2 of 2