Vulnerabilities > GE

DATE CVE VULNERABILITY TITLE RISK
2021-01-14 CVE-2020-27267 Out-of-Bounds Write vulnerability in multiple products
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow.
6.4
2021-01-14 CVE-2020-27265 Out-of-Bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a stack-based buffer overflow.
7.5
2021-01-14 CVE-2020-27263 Out-of-Bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow.
6.4
2020-10-20 CVE-2020-16246 Cross-Site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
network
ge CWE-79
4.3
2020-09-25 CVE-2020-16242 Cross-Site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
network
ge CWE-79
4.3
2020-09-23 CVE-2020-16244 Use of a One-Way Hash Without a Salt vulnerability in GE Asset Performance Management Classic 4.4
GE Digital APM Classic, Versions 4.4 and prior.
network
low complexity
ge CWE-759
4.0
2020-09-23 CVE-2020-16240 Authorization Bypass Through User-Controlled Key vulnerability in GE Asset Performance Management Classic 4.4
GE Digital APM Classic, Versions 4.4 and prior.
network
low complexity
ge CWE-639
5.0
2020-06-02 CVE-2020-12017 Missing Authentication for Critical Function vulnerability in GE RT430 Firmware, RT431 Firmware and RT434 Firmware
GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05.
network
low complexity
ge CWE-306
critical
9.0
2020-04-15 CVE-2020-6992 Improper Privilege Management vulnerability in GE Cimplicity
A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior.
local
low complexity
ge CWE-269
4.6
2020-04-07 CVE-2019-13559 Use of Hard-Coded Credentials vulnerability in GE Mark VIe Control System
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller.
local
low complexity
ge CWE-798
7.2