Vulnerabilities > GE > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-26 | CVE-2022-24116 | Inadequate Encryption Strength vulnerability in GE products: Certain General Electric Renewable Energy products have inadequate encryption strength. | 9.8 |
2022-12-26 | CVE-2022-24117 | Download of Code Without Integrity Check vulnerability in GE products: Certain General Electric Renewable Energy products download firmware without an integrity check. | 9.8 |
2022-12-26 | CVE-2022-24118 | Resource Exhaustion vulnerability in GE products: Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. | 9.1 |
2022-12-26 | CVE-2022-24119 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in GE products: Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. | 9.8 |
2022-03-23 | CVE-2021-27426 | Unspecified vulnerability in GE products: GE UR IED firmware versions prior to version 8.1x with the “Basic” security variant do not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | 9.8 |
2022-03-23 | CVE-2021-27428 | Unrestricted Upload of File with Dangerous Type vulnerability in GE products: GE UR IED firmware versions prior to version 8.1x support upgrading firmware using the UR Setup configuration tool – Enervista UR Setup. | 9.8 |
2022-02-25 | CVE-2022-21798 | Cleartext Transmission of Sensitive Information vulnerability in GE Cimplicity: The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system. | 9.8 |
2021-03-25 | CVE-2021-27440 | Use of Hard-coded Credentials vulnerability in GE Reason Dr60 Firmware: The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | 9.8 |
2021-01-14 | CVE-2020-27267 | Out-of-bounds Write vulnerability in multiple products: KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. | 9.1 |
2021-01-14 | CVE-2020-27265 | Out-of-bounds Write vulnerability in multiple products: KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow. | 9.8 |