Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-26 | CVE-2022-24117 | Download of Code Without Integrity Check vulnerability in GE products Certain General Electric Renewable Energy products download firmware without an integrity check. | 9.8 |
| 2022-12-26 | CVE-2022-24118 | Resource Exhaustion vulnerability in GE products Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. | 9.1 |
| 2022-12-26 | CVE-2022-24119 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in GE products Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. | 9.8 |
| 2022-12-26 | CVE-2022-24120 | Cleartext Storage of Sensitive Information vulnerability in GE products Certain General Electric Renewable Energy products store cleartext credentials in flash memory. | 4.6 |
| 2022-12-08 | CVE-2022-3084 | Unspecified vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-08 | CVE-2022-3092 | Out-of-bounds Write vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-07 | CVE-2022-2002 | Unspecified vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-07 | CVE-2022-2948 | Unspecified vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-07 | CVE-2022-2952 | Unspecified vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-08-25 | CVE-2022-37952 | Cross-site Scripting vulnerability in GE Workstationst A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. | 6.1 |