Filtered by vendor Ge
Subscriptions
Total
128 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3463 | 1 Ge | 1 Cimplicity | 2024-10-21 | 6.6 Medium |
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. | ||||
CVE-2022-23921 | 1 Ge | 1 Proficy Cimplicitiy | 2024-09-17 | 7.5 High |
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects. | ||||
CVE-2013-0652 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2024-09-17 | N/A |
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. | ||||
CVE-2017-7908 | 2 Ge, Gigasoft | 2 Ge Communicator, Proessentials | 2024-09-17 | N/A |
A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls. | ||||
CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2024-09-17 | N/A |
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | ||||
CVE-2022-37952 | 1 Ge | 1 Workstationst | 2024-09-17 | 4.7 Medium |
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | ||||
CVE-2020-16246 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-09-17 | 6.1 Medium |
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | ||||
CVE-2020-16242 | 1 Ge | 4 S2020, S2020 Firmware, S2024 and 1 more | 2024-09-17 | 6.1 Medium |
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | ||||
CVE-2021-44477 | 1 Ge | 1 Toolboxst | 2024-09-17 | 7.5 High |
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file. | ||||
CVE-2018-10615 | 1 Ge | 1 Mds Pulsenet | 2024-09-16 | N/A |
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | ||||
CVE-2018-17925 | 1 Ge | 1 Ifix | 2024-09-16 | N/A |
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. | ||||
CVE-2017-14006 | 1 Ge | 1 Xeleris | 2024-09-16 | N/A |
GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | ||||
CVE-2013-2785 | 1 Ge | 2 Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2024-09-16 | N/A |
Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. | ||||
CVE-2011-3320 | 1 Ge | 1 Intelligent Platforms Proficy Historian | 2024-09-16 | N/A |
Cross-site scripting (XSS) vulnerability in the Web Administrator component in GE Intelligent Platforms Proficy Historian 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2012-2516 | 1 Ge | 5 Intelligent Platforms Proficy Batch Execution, Intelligent Platforms Proficy Historian, Intelligent Platforms Proficy Hmi\/scada Ifix and 2 more | 2024-09-16 | N/A |
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." | ||||
CVE-2022-21798 | 1 Ge | 1 Cimplicity | 2024-09-16 | 7.5 High |
The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | ||||
CVE-2013-0654 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems, Intelligent Platforms Proficy Process Systems With Cimplicity | 2024-09-16 | N/A |
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. | ||||
CVE-2018-8867 | 1 Ge | 16 Pacsystems Cpu320, Pacsystems Cpu320 Firmware, Pacsystems Cru320 and 13 more | 2024-09-16 | N/A |
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | ||||
CVE-2018-10611 | 1 Ge | 1 Mds Pulsenet | 2024-09-16 | N/A |
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. | ||||
CVE-2013-0651 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2024-09-16 | N/A |
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. |