Vulnerabilities > GE

DATE CVE VULNERABILITY TITLE RISK
2022-06-17 CVE-2020-36547 Use of Hard-coded Credentials vulnerability in GE Voluson S8 Firmware
A vulnerability was found in GE Voluson S8.
local
low complexity
ge CWE-798
7.2
2022-06-17 CVE-2020-36548 Improper Authentication vulnerability in GE Voluson S8 Firmware
A vulnerability classified as problematic has been found in GE Voluson S8.
local
low complexity
ge CWE-287
7.2
2022-06-17 CVE-2020-36549 Unspecified vulnerability in GE Voluson S8 Firmware
A vulnerability classified as critical was found in GE Voluson S8.
local
low complexity
ge
7.2
2022-03-25 CVE-2021-44477 XXE vulnerability in GE Toolboxst
GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack.
network
low complexity
ge CWE-611
5.0
2022-03-23 CVE-2021-27418 Cross-site Scripting vulnerability in GE products
GE UR firmware versions prior to version 8.1x supports web interface with read-only access.
network
ge CWE-79
4.3
2022-03-23 CVE-2021-27420 Improper Input Validation vulnerability in GE products
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests.
network
low complexity
ge CWE-20
5.0
2022-03-23 CVE-2021-27422 Information Exposure vulnerability in GE products
GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol.
network
low complexity
ge CWE-200
5.0
2022-03-23 CVE-2021-27424 Exposure of Resource to Wrong Sphere vulnerability in GE products
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide.
network
low complexity
ge CWE-668
5.0
2022-03-23 CVE-2021-27426 Unspecified vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.
network
low complexity
ge
7.5
2022-03-23 CVE-2021-27428 Unrestricted Upload of File with Dangerous Type vulnerability in GE products
GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup.
network
low complexity
ge CWE-434
7.5