GE Security Vulnerabilities
Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device...
7.7CVSS
7.2AI Score
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound...
7.4CVSS
7.3AI Score
Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device...
6.2CVSS
7.2AI Score
8.4CVSS
8AI Score
9.6CVSS
7.4AI Score
8.4CVSS
7.3AI Score
6.8CVSS
7.1AI Score
5.7CVSS
7.2AI Score
7.6CVSS
7.2AI Score
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain...
9.8CVSS
7AI Score
0.011EPSS
KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to...
7.5CVSS
7.2AI Score
0.001EPSS
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak...
9.1CVSS
7.6AI Score
0.001EPSS
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local...
7.8CVSS
7.4AI Score
0.0004EPSS
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary...
7.8CVSS
7.8AI Score
0.001EPSS
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary...
7.8CVSS
7.8AI Score
0.001EPSS
GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary...
7.8CVSS
7.8AI Score
0.001EPSS
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to...
7.8CVSS
7.3AI Score
0.0004EPSS
GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary...
7.8CVSS
7.9AI Score
0.001EPSS
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration...
7.8CVSS
7.3AI Score
0.0004EPSS
GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary...
7.8CVSS
7.9AI Score
0.001EPSS
8.1CVSS
8.5AI Score
0.001EPSS
An unauthorized user could alter or write files with full control over the path and content of the...
6.5CVSS
7AI Score
0.001EPSS
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI...
9.8CVSS
9.6AI Score
0.002EPSS
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication...
9.8CVSS
9.5AI Score
0.002EPSS
An unauthorized user could be able to read any file on the system, potentially exposing sensitive...
6.5CVSS
6.8AI Score
0.001EPSS
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and...
7.5CVSS
7.8AI Score
0.001EPSS
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI...
7.8CVSS
7.8AI Score
0.0004EPSS
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...
9.8CVSS
9.7AI Score
0.001EPSS
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target...
9.1CVSS
9.1AI Score
0.001EPSS
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to...
7.8CVSS
7.7AI Score
0.0004EPSS
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted...
7.8CVSS
7.7AI Score
0.001EPSS
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or...
7.8CVSS
9.4AI Score
0.001EPSS
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port...
7.5CVSS
7.5AI Score
0.001EPSS
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any...
9.8CVSS
9.3AI Score
0.002EPSS
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access...
9.8CVSS
9.4AI Score
0.002EPSS
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before...
9.8CVSS
9.4AI Score
0.002EPSS
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before...
9.8CVSS
9.4AI Score
0.001EPSS
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before...
9.1CVSS
9.2AI Score
0.001EPSS
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before...
9.8CVSS
9.4AI Score
0.002EPSS
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before...
4.6CVSS
5.8AI Score
0.001EPSS
GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end...
9.8CVSS
9.2AI Score
0.002EPSS
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI...
7.8CVSS
9.2AI Score
0.001EPSS
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without...
7.5CVSS
8.5AI Score
0.002EPSS
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS...
5.3CVSS
8.5AI Score
0.001EPSS
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to...
9.8CVSS
9.6AI Score
0.002EPSS
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST...
6.1CVSS
6.2AI Score
0.001EPSS
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST...
6.1CVSS
5.9AI Score
0.001EPSS
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when...
7.5CVSS
7.7AI Score
0.002EPSS
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory”...
9.8CVSS
9.4AI Score
0.002EPSS
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the...
6.8CVSS
7.9AI Score
0.001EPSS