Vulnerabilities > GE

DATE CVE VULNERABILITY TITLE RISK
2021-06-16 CVE-2021-31477 USE of Hard-Coded Credentials vulnerability in GE Reason Rpv311 Firmware 14A03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03.
network
low complexity
ge CWE-798
7.5
2021-03-25 CVE-2021-27454 Improper Privilege Management vulnerability in GE Reason Dr60 Firmware
The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).
local
low complexity
ge CWE-269
4.6
2021-03-25 CVE-2021-27452 USE of Hard-Coded Credentials vulnerability in GE Mu320E Firmware
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
network
low complexity
ge CWE-798
critical
10.0
2021-03-25 CVE-2021-27450 Inadequate Encryption Strength vulnerability in GE Mu320E Firmware
SSH server configuration file does not implement some best practices.
local
low complexity
ge CWE-326
4.6
2021-03-25 CVE-2021-27448 Improper Privilege Management vulnerability in GE Mu320E Firmware
A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1).
local
low complexity
ge CWE-269
4.6
2021-03-25 CVE-2021-27440 USE of Hard-Coded Credentials vulnerability in GE Reason Dr60 Firmware
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
network
low complexity
ge CWE-798
7.5
2021-03-25 CVE-2021-27438 Code Injection vulnerability in GE Reason Dr60 Firmware
The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1).
network
low complexity
ge CWE-94
6.5
2021-02-18 CVE-2019-18243 Incorrect Permission Assignment for Critical Resource vulnerability in GE Ifix
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry.
local
low complexity
ge CWE-732
2.1
2021-02-18 CVE-2019-18255 Incorrect Permission Assignment for Critical Resource vulnerability in GE Ifix
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects.
local
low complexity
ge CWE-732
2.1
2021-01-14 CVE-2020-27267 Out-Of-Bounds Write vulnerability in multiple products
KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow.
6.4