Filtered by vendor Ge
Subscriptions
Total
128 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2823 | 2 Catapultsoftware, Ge | 4 Catapult Dnp3 I\/o Driver, Intelligent Platforms Proficy Dnp3 I\/o Driver, Intelligent Platforms Proficy Hmi\/scada Cimplicity and 1 more | 2025-04-11 | N/A |
| The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | ||||
| CVE-2012-4689 | 1 Ge | 3 Intelligent Platforms Proficy Hmi\/scada Cimplicity, Intelligent Platforms Proficy Process Systems, Intelligent Platforms Proficy Process Systems With Cimplicity | 2025-04-11 | N/A |
| Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. | ||||
| CVE-2012-0231 | 1 Ge | 1 Intelligent Platforms Proficy Plant Applications | 2025-04-11 | N/A |
| PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. | ||||
| CVE-2008-0174 | 1 Ge | 1 Proficy Real-time Information Portal | 2025-04-09 | 9.8 Critical |
| GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges. | ||||
| CVE-2022-43975 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | 7.5 High |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. | ||||
| CVE-2022-43976 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-07 | 9.8 Critical |
| An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. | ||||
| CVE-2022-43977 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2025-04-04 | 9.8 Critical |
| An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. | ||||
| CVE-2022-2848 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | 9.1 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486. | ||||
| CVE-2022-2825 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 5 more | 2025-02-18 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411. | ||||
| CVE-2023-1552 | 1 Ge | 1 Toolboxst | 2025-02-06 | 6.4 Medium |
| ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. | ||||
| CVE-2022-46732 | 1 Ge | 1 Proficy Historian | 2025-01-17 | 9.8 Critical |
| Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | ||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user could alter or write files with full control over the path and content of the file. | ||||
| CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | ||||
| CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user could possibly delete any file on the system. | ||||
| CVE-2022-38469 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | ||||
| CVE-2023-0755 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2025-01-16 | 9.8 Critical |
| The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | ||||
| CVE-2023-0754 | 3 Ge, Ptc, Rockwellautomation | 9 Digital Industrial Gateway Server, Kepware Server, Kepware Serverex and 6 more | 2025-01-16 | 9.8 Critical |
| The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | ||||
| CVE-2023-0598 | 1 Ge | 1 Ifix | 2025-01-16 | 7.8 High |
| GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | ||||
| CVE-2023-4487 | 1 Ge | 1 Cimplicity | 2025-01-16 | 7.8 High |
| GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. | ||||
| CVE-2023-0898 | 1 Ge | 1 Micom S1 Agile | 2025-01-16 | 5.3 Medium |
| General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | ||||