Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-25 | CVE-2022-37953 | Unspecified vulnerability in GE Workstationst An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. | 6.1 |
| 2022-06-17 | CVE-2020-36547 | Use of Hard-coded Credentials vulnerability in GE Voluson S8 Firmware A vulnerability was found in GE Voluson S8. | 7.8 |
| 2022-06-17 | CVE-2020-36548 | Improper Authentication vulnerability in GE Voluson S8 Firmware A vulnerability classified as problematic has been found in GE Voluson S8. | 7.8 |
| 2022-06-17 | CVE-2020-36549 | Unspecified vulnerability in GE Voluson S8 Firmware A vulnerability classified as critical was found in GE Voluson S8. | 7.8 |
| 2022-03-25 | CVE-2021-44477 | XXE vulnerability in GE Toolboxst 04.07.05C GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
| 2022-03-23 | CVE-2021-27418 | Cross-site Scripting vulnerability in GE products GE UR firmware versions prior to version 8.1x supports web interface with read-only access. | 6.1 |
| 2022-03-23 | CVE-2021-27420 | Improper Input Validation vulnerability in GE products GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. | 5.3 |
| 2022-03-23 | CVE-2021-27422 | Cleartext Transmission of Sensitive Information vulnerability in GE products GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. | 7.5 |
| 2022-03-23 | CVE-2021-27424 | Exposure of Resource to Wrong Sphere vulnerability in GE products GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. | 5.3 |
| 2022-03-23 | CVE-2021-27426 | Unspecified vulnerability in GE products GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | 9.8 |