Vulnerabilities > GE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-09 | CVE-2019-6564 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. | 7.8 |
| 2019-05-09 | CVE-2019-6546 | Uncontrolled Search Path Element vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. | 7.8 |
| 2018-12-14 | CVE-2018-19003 | Path Traversal vulnerability in GE products GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information. | 7.5 |
| 2018-10-02 | CVE-2017-7908 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. | 7.6 |
| 2018-06-04 | CVE-2018-10615 | Path Traversal vulnerability in GE MDS Pulsenet Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform. | 8.1 |
| 2018-06-04 | CVE-2018-10613 | XXE vulnerability in GE MDS Pulsenet Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | 7.5 |
| 2018-05-18 | CVE-2018-8867 | Improper Input Validation vulnerability in GE products In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | 7.5 |
| 2016-02-05 | CVE-2016-0861 | Command Injection vulnerability in GE UPS Snmp web Adapter Firmware General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. | 8.8 |