Vulnerabilities > GE > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-5908 Classic Buffer Overflow vulnerability in multiple products
KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.
network
low complexity
ptc softwaretoolbox ge rockwellautomation CWE-120
critical
9.1
2023-07-19 CVE-2023-3463 Out-of-bounds Write vulnerability in GE Cimplicity
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow.
network
low complexity
ge CWE-787
critical
9.8
2023-03-29 CVE-2022-2825 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.8
2023-03-29 CVE-2022-2848 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0.
network
low complexity
ptc softwaretoolbox rockwellautomation ge
critical
9.1
2023-03-16 CVE-2023-0598 Unspecified vulnerability in GE Ifix 2022/6.1/6.5
GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.
network
low complexity
ge
critical
9.8
2023-02-23 CVE-2023-0754 The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
rockwellautomation ptc ge
critical
9.8
2023-02-23 CVE-2023-0755 The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
network
low complexity
ptc rockwellautomation ge
critical
9.8
2023-01-18 CVE-2022-46732 Unspecified vulnerability in GE Proficy Historian
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
network
low complexity
ge
critical
9.8
2023-01-17 CVE-2022-43976 Unspecified vulnerability in GE MS 3000 Firmware
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0.
network
low complexity
ge
critical
9.8
2023-01-17 CVE-2022-43977 Unspecified vulnerability in GE MS 3000 Firmware
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0.
network
low complexity
ge
critical
9.8