Vulnerabilities > GE > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-02-19 CVE-2018-5473 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE D60 Line Distance Relay Firmware 7.11
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior.
network
low complexity
ge CWE-119
critical
9.8
2017-06-30 CVE-2017-7905 Insufficiently Protected Credentials vulnerability in GE products
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions.
network
low complexity
ge CWE-522
critical
9.8
2016-11-25 CVE-2016-5788 Improper Authorization vulnerability in GE products
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors.
network
low complexity
ge CWE-285
critical
10.0
2016-06-09 CVE-2016-2310 Use of Hard-coded Credentials vulnerability in GE Multilink Firmware 5.4.1/5.5.0
General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.
network
low complexity
ge CWE-798
critical
9.8
2008-01-29 CVE-2008-0174 Cleartext Storage of Sensitive Information vulnerability in GE Proficy Real-Time Information Portal 2.6
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges.
network
low complexity
ge CWE-312
critical
9.8