Vulnerabilities > GE > High

DATE CVE VULNERABILITY TITLE RISK
2021-03-25 CVE-2021-27452 Use of Hard-coded Credentials vulnerability in GE Mu320E Firmware
The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).
local
low complexity
ge CWE-798
7.8
2021-01-14 CVE-2020-27265 Out-of-bounds Write vulnerability in multiple products
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions are vulnerable to a stack-based buffer overflow.
7.5
2020-04-07 CVE-2019-13559 Use of Hard-coded Credentials vulnerability in GE Mark VIE Controll System
GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller.
local
low complexity
ge CWE-798
7.2
2020-02-20 CVE-2020-6977 Improper Input Validation vulnerability in GE products
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices.
local
low complexity
ge CWE-20
7.2
2019-05-09 CVE-2019-6566 Unspecified vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
local
low complexity
ge
7.2
2019-05-09 CVE-2019-6564 Uncontrolled Search Path Element vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
local
low complexity
ge CWE-427
7.8
2019-05-09 CVE-2019-6546 Uncontrolled Search Path Element vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
local
low complexity
ge CWE-427
7.8
2018-06-04 CVE-2018-10611 Improper Authentication vulnerability in GE MDS Pulsenet
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
network
low complexity
ge CWE-287
7.5
2018-05-18 CVE-2018-8867 Improper Input Validation vulnerability in GE products
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
network
low complexity
ge CWE-20
7.8
2018-03-20 CVE-2017-14008 Use of Hard-coded Credentials vulnerability in GE Centricity Pacs Ra1000
GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected; these devices use default or hard-coded credentials.
network
low complexity
ge CWE-798
7.5