Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27422 | Cleartext Transmission of Sensitive Information vulnerability in GE products GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. | 7.5 |
| 2022-03-23 | CVE-2021-27424 | Exposure of Resource to Wrong Sphere vulnerability in GE products GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. | 5.0 |
| 2022-03-23 | CVE-2021-27426 | Unspecified vulnerability in GE products GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | 7.5 |
| 2022-03-23 | CVE-2021-27428 | Unrestricted Upload of File with Dangerous Type vulnerability in GE products GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. | 7.5 |
| 2022-03-23 | CVE-2021-27430 | Use of Hard-coded Credentials vulnerability in GE UR Bootloader Binary 7.00/7.01/7.02 GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. | 4.6 |
| 2022-03-18 | CVE-2020-25193 | Use of Hard-coded Credentials vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | 5.3 |
| 2022-03-18 | CVE-2020-25197 | Code Injection vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | 9.0 |
| 2022-02-25 | CVE-2022-21798 | Cleartext Transmission of Sensitive Information vulnerability in GE Cimplicity The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | 7.5 |
| 2022-02-25 | CVE-2022-23921 | Improper Privilege Management vulnerability in GE Proficy Cimplicitiy Exploitation of this vulnerability may result in local privilege escalation and code execution. | 3.7 |
| 2021-06-16 | CVE-2021-31477 | Use of Hard-coded Credentials vulnerability in GE Reason Rpv311 Firmware 14A03 This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. | 7.5 |