Vulnerabilities > GE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-25 | CVE-2021-27454 | Improper Privilege Management vulnerability in GE Reason Dr60 Firmware The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | 7.8 |
| 2021-03-25 | CVE-2021-27452 | Use of Hard-coded Credentials vulnerability in GE Mu320E Firmware The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | 7.8 |
| 2021-03-25 | CVE-2021-27450 | Inadequate Encryption Strength vulnerability in GE Mu320E Firmware SSH server configuration file does not implement some best practices. | 7.8 |
| 2021-03-25 | CVE-2021-27448 | Improper Privilege Management vulnerability in GE Mu320E Firmware A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). | 7.8 |
| 2021-03-25 | CVE-2021-27438 | Use of Hard-coded Credentials vulnerability in GE Reason Dr60 Firmware The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | 8.8 |
| 2020-09-23 | CVE-2020-16244 | Unspecified vulnerability in GE Asset Performance Management Classic 4.4 GE Digital APM Classic, Versions 4.4 and prior. | 7.2 |
| 2020-04-07 | CVE-2019-13559 | Use of Hard-coded Credentials vulnerability in GE Mark VIE Controll System GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. | 7.8 |
| 2020-04-07 | CVE-2019-13554 | Unspecified vulnerability in GE Mark VIE Control System GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials. | 8.8 |
| 2020-01-23 | CVE-2012-6663 | Insufficiently Protected Credentials vulnerability in GE D200 Firmware and D20Me Firmware General Electric D20ME devices are not properly configured and reveal plaintext passwords. | 7.5 |
| 2019-05-09 | CVE-2019-6566 | Unspecified vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. | 7.8 |