Vulnerabilities > GE

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-5475 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE D60 Line Distance Relay Firmware
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior.
network
low complexity
ge CWE-119
7.5
2018-02-19 CVE-2018-5473 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE D60 Line Distance Relay Firmware 7.11
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior.
network
low complexity
ge CWE-119
critical
10.0
2017-10-05 CVE-2017-12732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior.
4.9
2017-08-28 CVE-2015-3976 Cross-site Scripting vulnerability in GE products
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
network
ge CWE-79
3.5
2017-06-30 CVE-2017-7905 Use of Insufficiently Random Values vulnerability in GE products
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions.
network
low complexity
ge CWE-330
5.0
2017-02-13 CVE-2016-9360 Insufficiently Protected Credentials vulnerability in GE Cimplicity
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions.
local
ge CWE-522
4.4
2016-11-25 CVE-2016-5788 Improper Authorization vulnerability in GE products
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
network
low complexity
ge CWE-285
critical
10.0
2016-07-15 CVE-2016-5787 Exposure of Resource to Wrong Sphere vulnerability in GE Cimplicity
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
local
low complexity
ge CWE-668
4.6
2016-06-09 CVE-2016-2310 Use of Hard-coded Credentials vulnerability in GE Multilink Firmware
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
network
low complexity
ge CWE-798
critical
10.0
2016-02-05 CVE-2016-0862 Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
network
low complexity
ge CWE-200
4.0