Vulnerabilities > GE
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-14 | CVE-2020-27263 | Out-of-bounds Write vulnerability in multiple products. KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. | 6.4 |
2020-10-20 | CVE-2020-16246 | Cross-site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware. The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | 4.3 |
2020-09-25 | CVE-2020-16242 | Cross-site Scripting vulnerability in GE S2020 Firmware and S2024 Firmware. The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | 6.1 |
2020-09-23 | CVE-2020-16244 | Unspecified vulnerability in GE Asset Performance Management Classic 4.4. GE Digital APM Classic, Versions 4.4 and prior. | 4.0 |
2020-09-23 | CVE-2020-16240 | Authorization Bypass Through User-Controlled Key vulnerability in GE Asset Performance Management Classic 4.4. GE Digital APM Classic, Versions 4.4 and prior. | 5.0 |
2020-06-02 | CVE-2020-12017 | Missing Authentication for Critical Function vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware. GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. | 9.0 |
2020-04-15 | CVE-2020-6992 | Improper Privilege Management vulnerability in GE Cimplicity. A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. | 4.6 |
2020-04-07 | CVE-2019-13559 | Use of Hard-coded Credentials vulnerability in GE Mark VIE Control System. GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. | 7.2 |
2020-04-07 | CVE-2019-13554 | Incorrect Authorization vulnerability in GE Mark VIE Control System. GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. | 6.5 |
2020-02-20 | CVE-2020-6977 | Improper Input Validation vulnerability in GE products. A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. | 7.2 |