Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2021-27428 | Unrestricted Upload of File with Dangerous Type vulnerability in GE products GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. | 9.8 |
| 2022-03-23 | CVE-2021-27430 | Use of Hard-coded Credentials vulnerability in GE UR Bootloader Binary 7.00/7.01/7.02 GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. | 6.8 |
| 2022-03-18 | CVE-2020-25193 | Use of Hard-coded Credentials vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | 5.3 |
| 2022-03-18 | CVE-2020-25197 | Code Injection vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | 8.8 |
| 2022-02-25 | CVE-2022-21798 | Cleartext Transmission of Sensitive Information vulnerability in GE Cimplicity The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | 9.8 |
| 2022-02-25 | CVE-2022-23921 | Improper Privilege Management vulnerability in GE Proficy Cimplicitiy 11.1 Exploitation of this vulnerability may result in local privilege escalation and code execution. | 7.8 |
| 2021-06-16 | CVE-2021-31477 | Unspecified vulnerability in GE Reason Rpv311 Firmware 14A03 This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. | 7.3 |
| 2021-03-25 | CVE-2021-27454 | Improper Privilege Management vulnerability in GE Reason Dr60 Firmware The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | 7.8 |
| 2021-03-25 | CVE-2021-27452 | Use of Hard-coded Credentials vulnerability in GE Mu320E Firmware The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | 7.8 |
| 2021-03-25 | CVE-2021-27450 | Unspecified vulnerability in GE Mu320E Firmware SSH server configuration file does not implement some best practices. | 7.8 |