Vendor CVEs
Ge
All CVEs
80 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-6977 | 0.00 | — | 0.00 | Feb 20, 2020 | A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include… | |||
| CVE-2019-13524 | 0.00 | — | 0.02 | Jan 16, 2020 | GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a… | |||
| CVE-2019-18267 | 0.00 | — | 0.02 | Dec 18, 2019 | An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a… | |||
| CVE-2019-10966 | 0.00 | — | 0.01 | Jul 10, 2019 | In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | |||
| CVE-2018-19003 | 0.00 | — | 0.03 | Dec 14, 2018 | GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal… | |||
| CVE-2018-15362 | 0.00 | — | 0.03 | Dec 7, 2018 | XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | |||
| CVE-2018-17925 | 0.00 | — | 0.00 | Oct 10, 2018 | Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX… | |||
| CVE-2015-6459 | 0.00 | — | 0.03 | Sep 18, 2015 | Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | |||
| CVE-2015-6456 | 0.00 | — | 0.04 | Sep 18, 2015 | GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||
| CVE-2014-5409 | 0.00 | — | 0.03 | Mar 14, 2015 | The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. | |||
| CVE-2014-9203 | 0.00 | — | 0.02 | Feb 7, 2015 | Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM… | |||
| CVE-2014-5419 | 0.00 | — | 0.02 | Jan 17, 2015 | GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote… | |||
| CVE-2014-5418 | 0.00 | — | 0.03 | Jan 17, 2015 | GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. | |||
| CVE-2014-2355 | 0.00 | — | 0.01 | Jan 17, 2015 | The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. | |||
| CVE-2014-0751 | 0.00 | — | 0.03 | Jan 25, 2014 | The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any… | |||
| CVE-2013-2823 | 0.00 | — | 0.01 | Nov 22, 2013 | The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate… | |||
| CVE-2013-2811 | 0.00 | — | 0.02 | Nov 22, 2013 | The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to… | |||
| CVE-2013-2785 | 0.00 | — | 0.04 | Jul 31, 2013 | Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary… | |||
| CVE-2013-0654 | 0.00 | — | 0.03 | Jan 27, 2013 | CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. | |||
| CVE-2013-0652 | 0.00 | — | 0.02 | Jan 27, 2013 | GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. | |||
| CVE-2013-0651 | 0.00 | — | 0.01 | Jan 27, 2013 | The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via… | |||
| CVE-2012-4689 | 0.00 | — | 0.01 | Jan 17, 2013 | Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. | |||
| CVE-2012-3026 | 0.00 | — | 0.05 | Nov 1, 2012 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a… | |||
| CVE-2012-3021 | 0.00 | — | 0.05 | Nov 1, 2012 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a… | |||
| CVE-2012-3010 | 0.00 | — | 0.05 | Nov 1, 2012 | rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a… | |||
| CVE-2012-0232 | 0.00 | — | 0.02 | Mar 15, 2012 | Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. | |||
| CVE-2012-0229 | 0.00 | — | 0.05 | Mar 15, 2012 | The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2)… | |||
| CVE-2011-3320 | 0.00 | — | 0.01 | Nov 2, 2011 | Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2011-1919 | 0.00 | — | 0.05 | Nov 2, 2011 | Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1)… | |||
| CVE-2009-0216 | 0.00 | — | 0.03 | Feb 13, 2009 | GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified… |
- CVE-2020-6977Feb 20, 2020risk 0.00cvss —epss 0.00
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include…
- CVE-2019-13524Jan 16, 2020risk 0.00cvss —epss 0.02
GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a…
- CVE-2019-18267Dec 18, 2019risk 0.00cvss —epss 0.02
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a…
- CVE-2019-10966Jul 10, 2019risk 0.00cvss —epss 0.01
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
- CVE-2018-19003Dec 14, 2018risk 0.00cvss —epss 0.03
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal…
- CVE-2018-15362Dec 7, 2018risk 0.00cvss —epss 0.03
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0
- CVE-2018-17925Oct 10, 2018risk 0.00cvss —epss 0.00
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX…
- CVE-2015-6459Sep 18, 2015risk 0.00cvss —epss 0.03
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
- CVE-2015-6456Sep 18, 2015risk 0.00cvss —epss 0.04
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password.
- CVE-2014-5409Mar 14, 2015risk 0.00cvss —epss 0.03
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values.
- CVE-2014-9203Feb 7, 2015risk 0.00cvss —epss 0.02
Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM…
- CVE-2014-5419Jan 17, 2015risk 0.00cvss —epss 0.02
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote…
- CVE-2014-5418Jan 17, 2015risk 0.00cvss —epss 0.03
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets.
- CVE-2014-2355Jan 17, 2015risk 0.00cvss —epss 0.01
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
- CVE-2014-0751Jan 25, 2014risk 0.00cvss —epss 0.03
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any…
- CVE-2013-2823Nov 22, 2013risk 0.00cvss —epss 0.01
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate…
- CVE-2013-2811Nov 22, 2013risk 0.00cvss —epss 0.02
The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to…
- CVE-2013-2785Jul 31, 2013risk 0.00cvss —epss 0.04
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary…
- CVE-2013-0654Jan 27, 2013risk 0.00cvss —epss 0.03
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet.
- CVE-2013-0652Jan 27, 2013risk 0.00cvss —epss 0.02
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
- CVE-2013-0651Jan 27, 2013risk 0.00cvss —epss 0.01
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via…
- CVE-2012-4689Jan 17, 2013risk 0.00cvss —epss 0.01
Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.
- CVE-2012-3026Nov 1, 2012risk 0.00cvss —epss 0.05
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…
- CVE-2012-3021Nov 1, 2012risk 0.00cvss —epss 0.05
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…
- CVE-2012-3010Nov 1, 2012risk 0.00cvss —epss 0.05
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a…
- CVE-2012-0232Mar 15, 2012risk 0.00cvss —epss 0.02
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.
- CVE-2012-0229Mar 15, 2012risk 0.00cvss —epss 0.05
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2)…
- CVE-2011-3320Nov 2, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- CVE-2011-1919Nov 2, 2011risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1)…
- CVE-2009-0216Feb 13, 2009risk 0.00cvss —epss 0.03
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified…
Page 2 of 2