2 matches found
CVE-2023-1552
Summary: CVE-2023-1552 concerns GE Gas Power ToolBoxST before 7.10, with a deserialization vulnerability that lets an attacker execute code in a Toolbox user’s context by deserializing an untrusted configuration file. Affected software: ToolboxST versions prior to 7.10 (ToolboxST is a control-sys...
CVE-2021-44477
CVE-2021-44477 affects GE Gas Power ToolBoxST OS running versions prior to 07.09.07C. It is an XML External Entity (XXE) vulnerability in the XML parser when processing project/template XML, using DTD parameter entities, potentially allowing disclosure of arbitrary data on the affected node via a...