Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-5908 | Classic Buffer Overflow vulnerability in multiple products KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information. | 9.1 |
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
| 2023-11-07 | CVE-2023-0898 | Uncontrolled Search Path Element vulnerability in GE Micom S1 Agile General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | 7.3 |
| 2023-09-05 | CVE-2023-4487 | Process Control vulnerability in GE Cimplicity 2023 GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. | 7.8 |
| 2023-07-19 | CVE-2023-3463 | Out-of-bounds Write vulnerability in GE Cimplicity All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. | 9.8 |
| 2023-04-11 | CVE-2023-1552 | Deserialization of Untrusted Data vulnerability in GE Toolboxst 04.07.05C/07.09.07C ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. | 7.8 |
| 2023-03-29 | CVE-2022-2825 | Stack-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.8 |
| 2023-03-29 | CVE-2022-2848 | Heap-based Buffer Overflow vulnerability in multiple products This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. | 9.1 |
| 2023-03-16 | CVE-2023-0598 | Code Injection vulnerability in GE Ifix 2022/6.1/6.5 GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | 9.8 |
| 2023-02-23 | CVE-2023-0754 | Integer Overflow or Wraparound vulnerability in multiple products The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |