Vulnerabilities > GE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-07 | CVE-2022-2948 | Heap-based Buffer Overflow vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-12-07 | CVE-2022-2952 | Access of Uninitialized Pointer vulnerability in GE Cimplicity GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. | 7.8 |
| 2022-06-17 | CVE-2020-36547 | Use of Hard-coded Credentials vulnerability in GE Voluson S8 Firmware A vulnerability was found in GE Voluson S8. | 7.8 |
| 2022-06-17 | CVE-2020-36548 | Improper Authentication vulnerability in GE Voluson S8 Firmware A vulnerability classified as problematic has been found in GE Voluson S8. | 7.8 |
| 2022-06-17 | CVE-2020-36549 | Unspecified vulnerability in GE Voluson S8 Firmware A vulnerability classified as critical was found in GE Voluson S8. | 7.8 |
| 2022-03-25 | CVE-2021-44477 | XXE vulnerability in GE Toolboxst 04.07.05C GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 7.5 |
| 2022-03-23 | CVE-2021-27422 | Cleartext Transmission of Sensitive Information vulnerability in GE products GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. | 7.5 |
| 2022-03-18 | CVE-2020-25197 | Code Injection vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. | 8.8 |
| 2022-02-25 | CVE-2022-23921 | Improper Privilege Management vulnerability in GE Proficy Cimplicitiy 11.1 Exploitation of this vulnerability may result in local privilege escalation and code execution. | 7.8 |
| 2021-06-16 | CVE-2021-31477 | Use of Hard-coded Credentials vulnerability in GE Reason Rpv311 Firmware 14A03 This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. | 7.3 |