Vulnerabilities > GE > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2021-01-14 | CVE-2020-27263 | Out-of-bounds Write vulnerability in multiple products | KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. | network | low | ptc, ge, rockwellautomation, softwaretoolbox | CWE-787 | critical | 9.1 |
| 2020-06-02 | CVE-2020-12017 | Missing Authentication for Critical Function vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware | GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmware versions prior to 08A05. | network | low | ge | CWE-306 | critical | 9.8 |
| 2019-05-09 | CVE-2019-6548 | Use of Hard-coded Credentials vulnerability in GE Communicator 3.15 | GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. | network | low | ge | CWE-798 | critical | 9.8 |
| 2018-12-07 | CVE-2018-15362 | XXE vulnerability in GE Cimplicity 10.0/9.0R2/9.5 | XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | network | low | ge | CWE-611 | critical | 9.1 |
| 2018-06-04 | CVE-2018-10611 | Improper Authentication vulnerability in GE MDS Pulsenet | Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. | network | low | ge | CWE-287 | critical | 9.8 |
| 2018-03-20 | CVE-2017-14008 | Use of Hard-coded Credentials vulnerability in GE Centricity Pacs Ra1000 | GE Centricity PACS RA1000, diagnostic image analysis: all current versions are affected; these devices use default or hard-coded credentials. | network | low | ge | CWE-798 | critical | 9.8 |
| 2018-03-20 | CVE-2017-14006 | Use of Hard-coded Credentials vulnerability in GE Xeleris | GE Xeleris versions 1.0, 1.1, 2.1, 3.0, 3.1, medical imaging systems: all current versions are affected; these devices use default or hard-coded credentials. | network | low | ge | CWE-798 | critical | 9.8 |
| 2018-03-20 | CVE-2017-14004 | Use of Hard-coded Credentials vulnerability in GE Gemnet License Server | GE GEMNet License server (EchoServer): all current versions are affected; these devices use default or hard-coded credentials. | network | low | ge | CWE-798 | critical | 9.8 |
| 2018-03-20 | CVE-2017-14002 | Use of Hard-coded Credentials vulnerability in GE Infinia Hawkeye 4 Firmware | GE Infinia/Infinia with Hawkeye 4 medical imaging systems: all current versions are affected; these devices use default or hard-coded credentials. | network | low | ge | CWE-798 | critical | 9.8 |
| 2018-02-19 | CVE-2018-5475 | Out-of-bounds Write vulnerability in GE D60 Line Distance Relay Firmware 7.11 | A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. | network | low | ge | CWE-787 | critical | 9.8 |