Vulnerabilities > GE > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-18 | CVE-2019-18243 | Incorrect Permission Assignment for Critical Resource vulnerability in GE Ifix HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry. | 5.5 |
2021-02-18 | CVE-2019-18255 | Incorrect Permission Assignment for Critical Resource vulnerability in GE Ifix HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects. | 5.5 |
2020-10-20 | CVE-2020-16246 | Unspecified vulnerability in GE S2020 Firmware and S2024 Firmware The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client. | 6.1 |
2020-09-25 | CVE-2020-16242 | Unspecified vulnerability in GE S2020 Firmware and S2024 Firmware The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts. | 6.1 |
2020-09-23 | CVE-2020-16240 | Unspecified vulnerability in GE Asset Performance Management Classic 4.4 GE Digital APM Classic, Versions 4.4 and prior. | 5.3 |
2020-04-15 | CVE-2020-6992 | Improper Privilege Management vulnerability in GE Cimplicity A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior. | 6.7 |
2020-02-20 | CVE-2020-6977 | Unspecified vulnerability in GE products A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. low complexity ge | 6.8 |
2019-12-18 | CVE-2019-18267 | Cross-site Scripting vulnerability in GE S2020 Firmware and S2020G Firmware An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. | 5.4 |
2019-07-10 | CVE-2019-10966 | Improper Authentication vulnerability in GE products In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | 5.3 |
2019-05-09 | CVE-2019-6544 | Unspecified vulnerability in GE Communicator 3.15 GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. | 5.6 |