Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-11-22 | CVE-2013-2823 | Improper Input Validation vulnerability in multiple products The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. | 4.7 |
| 2013-11-22 | CVE-2013-2811 | Improper Input Validation vulnerability in multiple products The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. | 7.1 |
| 2013-07-31 | CVE-2013-2785 | Buffer Errors vulnerability in GE products Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. | 9.3 |
| 2013-01-27 | CVE-2013-0654 | Improper Input Validation vulnerability in GE products CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. | 9.3 |
| 2013-01-27 | CVE-2013-0653 | Path Traversal vulnerability in GE products Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. | 4.3 |
| 2013-01-27 | CVE-2013-0652 | Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. | 5.0 |
| 2013-01-27 | CVE-2013-0651 | Permissions, Privileges, and Access Controls vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. | 5.0 |
| 2013-01-17 | CVE-2012-4689 | Numeric Errors vulnerability in GE products Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. | 4.3 |
| 2012-11-01 | CVE-2012-3026 | Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3021. | 10.0 |
| 2012-11-01 | CVE-2012-3021 | Improper Input Validation vulnerability in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6/3.0/3.5 rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary code via long input data, a different vulnerability than CVE-2012-3010 and CVE-2012-3026. | 10.0 |