Vulnerabilities (CVE)

Filtered by vendor Ge Subscribe
Total 128 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36548 1 Ge 2 Voluson S8, Voluson S8 Firmware 2024-11-21 7.2 HIGH 5.9 MEDIUM
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.
CVE-2020-36547 1 Ge 2 Voluson S8, Voluson S8 Firmware 2024-11-21 7.2 HIGH 5.9 MEDIUM
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings.
CVE-2020-27267 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVE-2020-27265 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.
CVE-2020-27263 4 Ge, Ptc, Rockwellautomation and 1 more 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
CVE-2020-25197 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2024-11-21 9.0 HIGH 9.8 CRITICAL
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
CVE-2020-25193 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
CVE-2020-16246 1 Ge 4 S2020, S2020 Firmware, S2024 and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
CVE-2020-16244 1 Ge 1 Asset Performance Management Classic 2024-11-21 4.0 MEDIUM 7.2 HIGH
GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.
CVE-2020-16242 1 Ge 4 S2020, S2020 Firmware, S2024 and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
CVE-2020-16240 1 Ge 1 Asset Performance Management Classic 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.
CVE-2020-12017 1 Ge 6 Rt430, Rt430 Firmware, Rt431 and 3 more 2024-11-21 9.0 HIGH 9.8 CRITICAL
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. The device’s vulnerability in the web application could allow multiple unauthenticated attacks that could cause serious impact. The vulnerability may allow an unauthenticated attacker to execute arbitrary commands and send a request to a specific URL that could cause the device to become unresponsive. The unauthenticated attacker may change the password of the 'configuration' user account, allowing the attacker to modify the configuration of the device via the web interface using the new password. This vulnerability may also allow an unauthenticated attacker to bypass the authentication required to configure the device and reboot the system.
CVE-2019-6566 1 Ge 1 Ge Communicator 2024-11-21 7.2 HIGH 7.8 HIGH
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
CVE-2019-6564 1 Ge 1 Ge Communicator 2024-11-21 6.9 MEDIUM 7.8 HIGH
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
CVE-2019-6548 1 Ge 1 Ge Communicator 2024-11-21 6.8 MEDIUM 9.8 CRITICAL
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
CVE-2019-6546 1 Ge 1 Ge Communicator 2024-11-21 6.8 MEDIUM 7.8 HIGH
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
CVE-2019-6544 1 Ge 1 Ge Communicator 2024-11-21 6.8 MEDIUM 5.6 MEDIUM
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
CVE-2019-18267 1 Ge 4 S2020, S2020 Firmware, S2020g and 1 more 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site scripting vulnerability that may allow session hijacking, disclosure of sensitive data, cross-site request forgery (CSRF) attacks, and remote code execution.
CVE-2019-18255 1 Ge 1 Ifix 2024-11-21 2.1 LOW 5.5 MEDIUM
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. This may allow privilege escalation.
CVE-2019-18243 1 Ge 1 Ifix 2024-11-21 2.1 LOW 5.5 MEDIUM
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. This may allow privilege escalation.