Vulnerabilities > GE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-5909 | Improper Certificate Validation vulnerability in multiple products KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | 7.5 |
| 2023-11-07 | CVE-2023-0898 | Uncontrolled Search Path Element vulnerability in GE Micom S1 Agile General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | 7.3 |
| 2023-09-05 | CVE-2023-4487 | Process Control vulnerability in GE Cimplicity 2023 GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. | 7.8 |
| 2023-04-11 | CVE-2023-1552 | Deserialization of Untrusted Data vulnerability in GE Toolboxst 04.07.05C/07.09.07C ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. | 7.8 |
| 2023-01-18 | CVE-2022-38469 | Insufficiently Protected Credentials vulnerability in GE Proficy Historian An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | 7.5 |
| 2023-01-18 | CVE-2022-46331 | Unspecified vulnerability in GE Proficy Historian An unauthorized user could possibly delete any file on the system. | 8.1 |
| 2023-01-17 | CVE-2022-43975 | Path Traversal vulnerability in GE MS 3000 Firmware An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. | 7.5 |
| 2022-12-08 | CVE-2022-3084 | Access of Uninitialized Pointer vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-08 | CVE-2022-3092 | Out-of-bounds Write vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-07 | CVE-2022-2002 | Untrusted Pointer Dereference vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 7.8 |