Vulnerabilities > GE > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-01-18 | CVE-2022-43494 | Unspecified vulnerability in GE Proficy Historian | An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | 6.5 |
2023-01-18 | CVE-2022-46660 | Unrestricted Upload of File with Dangerous Type vulnerability in GE Proficy Historian | An unauthorized user could alter or write files with full control over the path and content of the file. | 6.5 |
2022-03-25 | CVE-2021-44477 | XXE vulnerability in GE Toolboxst | GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. | 5.0 |
2022-03-23 | CVE-2021-27418 | Cross-site Scripting vulnerability in GE products | GE UR firmware versions prior to version 8.1x supports web interface with read-only access. | 4.3 |
2022-03-23 | CVE-2021-27420 | Improper Input Validation vulnerability in GE products | GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. | 5.0 |
2022-03-23 | CVE-2021-27424 | Exposure of Resource to Wrong Sphere vulnerability in GE products | GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. | 5.0 |
2022-03-23 | CVE-2021-27430 | Use of Hard-coded Credentials vulnerability in GE UR Bootloader Binary 7.00/7.01/7.02 | GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. | 4.6 |
2022-03-18 | CVE-2020-25193 | Use of Hard-coded Credentials vulnerability in GE Rt430 Firmware, Rt431 Firmware and Rt434 Firmware | By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. | 5.3 |
2021-03-25 | CVE-2021-27454 | Improper Privilege Management vulnerability in GE Reason Dr60 Firmware | The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | 4.6 |
2021-03-25 | CVE-2021-27450 | Inadequate Encryption Strength vulnerability in GE Mu320E Firmware | SSH server configuration file does not implement some best practices. | 4.6 |