Vulnerabilities > GE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-10 | CVE-2018-17925 | Unspecified vulnerability in GE Ifix Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. local ge | 4.4 |
| 2018-10-02 | CVE-2017-7908 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. | 6.8 |
| 2018-06-04 | CVE-2018-10615 | Path Traversal vulnerability in GE MDS Pulsenet Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | 6.5 |
| 2018-06-04 | CVE-2018-10613 | XXE vulnerability in GE MDS Pulsenet Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | 5.0 |
| 2018-06-04 | CVE-2018-10611 | Improper Authentication vulnerability in GE MDS Pulsenet Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. | 7.5 |
| 2018-05-18 | CVE-2018-8867 | Improper Input Validation vulnerability in GE products In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | 7.8 |
| 2018-03-20 | CVE-2017-14008 | Use of Hard-coded Credentials vulnerability in GE Centricity Pacs Ra1000 GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. | 7.5 |
| 2018-03-20 | CVE-2017-14006 | Use of Hard-coded Credentials vulnerability in GE Xeleris GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. | 7.5 |
| 2018-03-20 | CVE-2017-14004 | Use of Hard-coded Credentials vulnerability in GE Gemnet License Server GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. | 7.5 |
| 2018-03-20 | CVE-2017-14002 | Use of Hard-coded Credentials vulnerability in GE Infinia Hawkeye 4 Firmware GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. | 10.0 |