Vulnerabilities > GE

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-0598 Code Injection vulnerability in GE Ifix 2022/6.1/6.5
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.
network
low complexity
ge CWE-94
critical
9.8
2023-02-23 CVE-2023-0754 Integer Overflow or Wraparound vulnerability in multiple products
The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge CWE-190
critical
9.8
2023-02-23 CVE-2023-0755 Improper Validation of Array Index vulnerability in multiple products
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge CWE-129
critical
9.8
2023-01-18 CVE-2022-38469 Inadequate Encryption Strength vulnerability in GE Proficy Historian
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
network
low complexity
ge CWE-326
7.5
2023-01-18 CVE-2022-43494 Improper Access Control vulnerability in GE Proficy Historian
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
network
low complexity
ge CWE-284
6.5
2023-01-18 CVE-2022-46331 Improper Access Control vulnerability in GE Proficy Historian
An unauthorized user could possibly delete any file on the system.
network
low complexity
ge CWE-284
8.1
2023-01-18 CVE-2022-46660 Unrestricted Upload of File with Dangerous Type vulnerability in GE Proficy Historian
An unauthorized user could alter or write files with full control over the path and content of the file.
network
low complexity
ge CWE-434
6.5
2023-01-18 CVE-2022-46732 Authentication Bypass Using an Alternate Path or Channel vulnerability in GE Proficy Historian
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
network
low complexity
ge CWE-288
critical
9.8
2023-01-17 CVE-2022-43975 Path Traversal vulnerability in GE MS 3000 Firmware
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0.
network
low complexity
ge CWE-22
7.5
2023-01-17 CVE-2022-43976 Unspecified vulnerability in GE MS 3000 Firmware
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0.
network
low complexity
ge
critical
9.8