Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-0598 | Code Injection vulnerability in GE Ifix 2022/6.1/6.5 GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software. | 9.8 |
| 2023-02-23 | CVE-2023-0754 | Integer Overflow or Wraparound vulnerability in multiple products The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
| 2023-02-23 | CVE-2023-0755 | Improper Validation of Array Index vulnerability in multiple products The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. | 9.8 |
| 2023-01-18 | CVE-2022-38469 | Inadequate Encryption Strength vulnerability in GE Proficy Historian An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | 7.5 |
| 2023-01-18 | CVE-2022-43494 | Improper Access Control vulnerability in GE Proficy Historian An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | 6.5 |
| 2023-01-18 | CVE-2022-46331 | Improper Access Control vulnerability in GE Proficy Historian An unauthorized user could possibly delete any file on the system. | 8.1 |
| 2023-01-18 | CVE-2022-46660 | Unrestricted Upload of File with Dangerous Type vulnerability in GE Proficy Historian An unauthorized user could alter or write files with full control over the path and content of the file. | 6.5 |
| 2023-01-18 | CVE-2022-46732 | Authentication Bypass Using an Alternate Path or Channel vulnerability in GE Proficy Historian Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. | 9.8 |
| 2023-01-17 | CVE-2022-43975 | Path Traversal vulnerability in GE MS 3000 Firmware An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 7.5 |
| 2023-01-17 | CVE-2022-43976 | Unspecified vulnerability in GE MS 3000 Firmware An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 9.8 |