Filtered by vendor Ge
Subscribe
Total
118 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14004 | 1 Ge | 1 Gemnet License Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-14002 | 1 Ge | 2 Infinia Hawkeye 4, Infinia Hawkeye 4 Firmware | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-14008 | 1 Ge | 1 Centricity Pacs Ra1000 | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices. | |||||
CVE-2017-12732 | 1 Ge | 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity | 2019-10-09 | 4.9 MEDIUM | 6.8 MEDIUM |
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. | |||||
CVE-2018-15362 | 1 Ge | 1 Cimplicity | 2019-02-06 | 6.4 MEDIUM | 9.1 CRITICAL |
XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | |||||
CVE-2016-0862 | 1 Ge | 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more | 2018-10-17 | 4.0 MEDIUM | 6.5 MEDIUM |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | |||||
CVE-2012-0231 | 1 Ge | 1 Intelligent Platforms Proficy Plant Applications | 2018-01-10 | 10.0 HIGH | N/A |
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. | |||||
CVE-2012-0230 | 1 Ge | 1 Intelligent Platforms Proficy Plant Applications | 2018-01-10 | 10.0 HIGH | N/A |
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299. | |||||
CVE-2012-0229 | 1 Ge | 1 Intelligent Platforms Proficy Historian | 2018-01-03 | 10.0 HIGH | N/A |
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. | |||||
CVE-2016-0861 | 1 Ge | 1 Ups Snmp Web Adapter Firmware | 2017-09-09 | 9.0 HIGH | 8.8 HIGH |
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | |||||
CVE-2015-3976 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2017-09-06 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||||
CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2016-11-28 | 10.0 HIGH | 10.0 CRITICAL |
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | |||||
CVE-2015-6459 | 1 Ge | 1 Mds Pulsenet | 2015-09-23 | 10.0 HIGH | N/A |
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. | |||||
CVE-2015-6456 | 1 Ge | 1 Mds Pulsenet | 2015-09-23 | 9.0 HIGH | N/A |
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. | |||||
CVE-2014-5409 | 1 Ge | 1 Hydran M2 | 2015-03-16 | 5.0 MEDIUM | N/A |
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. | |||||
CVE-2014-9203 | 2 Ge, Mactek | 4 12400 Level Transmitter Device Type Manager, Svi Ii Ap Positioner Device Type Manager, Vector Device Type Manager and 1 more | 2015-02-09 | 5.0 MEDIUM | N/A |
Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. | |||||
CVE-2014-5418 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2015-01-21 | 7.8 HIGH | N/A |
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. | |||||
CVE-2014-2355 | 1 Ge | 1 Intelligent Platforms Proficy Hmi\/scada Cimplicity | 2015-01-21 | 6.9 MEDIUM | N/A |
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. | |||||
CVE-2014-5419 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2015-01-21 | 5.0 MEDIUM | N/A |
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. | |||||
CVE-2014-0751 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\%2fscada Cimplicity, Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems With Cimplicity | 2014-02-20 | 7.5 HIGH | N/A |
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. |