Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ge vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2023-4487
GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local malicious user to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
Ge Cimplicity 2023
7.8
CVSSv3
CVE-2022-23921
Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running...
Ge Proficy Cimplicitiy
7.8
CVSSv3
CVE-2021-27448
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
Ge Mu320e Firmware
NA
CVE-2008-0176
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 prior to 7.0 SIM 9, and previous versions versions prior to 6.1 SP6 Hot fix - 010708_162517_6106, allow remote malicious users to execute arbitrary code via unknown vectors.
Ge Fanuc Cimplicity
1 Github repository
6.5
CVSSv3
CVE-2022-43494
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
Ge Proficy Historian
NA
CVE-2015-6459
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise prior to 3.1.5 allows remote malicious users to read or delete arbitrary files via a full pathname.
Ge Mds Pulsenet
7.8
CVSSv3
CVE-2020-36547
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings.
Ge Voluson S8 Firmware -
7.8
CVSSv3
CVE-2020-36548
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.
Ge Voluson S8 Firmware -
7.8
CVSSv3
CVE-2020-36549
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed.
Ge Voluson S8 Firmware -
8.8
CVSSv3
CVE-2021-27438
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions before 02A04.1).
Ge Reason Dr60 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »