Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2012-6663 | Insufficiently Protected Credentials vulnerability in GE D200 Firmware and D20Me Firmware General Electric D20ME devices are not properly configured and reveal plaintext passwords. | 5.0 |
| 2019-12-18 | CVE-2019-18267 | Cross-site Scripting vulnerability in GE S2020 Firmware and S2020G Firmware An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. | 3.5 |
| 2019-07-10 | CVE-2019-10966 | Improper Authentication vulnerability in GE products In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | 5.0 |
| 2019-05-09 | CVE-2019-6566 | Unspecified vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | 7.2 |
| 2019-05-09 | CVE-2019-6564 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | 7.8 |
| 2019-05-09 | CVE-2019-6548 | Use of Hard-coded Credentials vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. | 9.8 |
| 2019-05-09 | CVE-2019-6546 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | 7.8 |
| 2019-05-09 | CVE-2019-6544 | Unspecified vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. network ge | 6.8 |
| 2018-12-14 | CVE-2018-19003 | Path Traversal vulnerability in GE products GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. | 5.0 |
| 2018-12-07 | CVE-2018-15362 | XXE vulnerability in GE Cimplicity 10.0/9.0R2/9.5 XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | 6.4 |