Vulnerabilities > GE > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-18 CVE-2019-18243 Incorrect Permission Assignment for Critical Resource vulnerability in GE iFIX
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through the registry.
local
low complexity
ge CWE-732
5.5
2021-02-18 CVE-2019-18255 Incorrect Permission Assignment for Critical Resource vulnerability in GE iFIX
HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide iFIX configurations through section objects.
local
low complexity
ge CWE-732
5.5
2020-10-20 CVE-2020-16246 Unspecified vulnerability in GE S2020 Firmware and S2024 Firmware
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.
network
low complexity
ge
6.1
2020-09-25 CVE-2020-16242 Unspecified vulnerability in GE S2020 Firmware and S2024 Firmware
The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.
network
low complexity
ge
6.1
2020-09-23 CVE-2020-16240 Unspecified vulnerability in GE Asset Performance Management Classic 4.4
GE Digital APM Classic, Versions 4.4 and prior.
network
low complexity
ge
5.3
2020-04-15 CVE-2020-6992 Improper Privilege Management vulnerability in GE Cimplicity
A local privilege escalation vulnerability has been identified in the GE Digital CIMPLICITY HMI/SCADA product v10.0 and prior.
local
low complexity
ge CWE-269
6.7
2020-02-20 CVE-2020-6977 Unspecified vulnerability in GE products
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices.
low complexity
ge
6.8
2019-12-18 CVE-2019-18267 Cross-site Scripting vulnerability in GE S2020 Firmware and S2020G Firmware
An issue was found in GE S2020/S2020G Fast Switch 61850, Versions 07A03 and prior.
network
low complexity
ge CWE-79
5.4
2019-07-10 CVE-2019-10966 Improper Authentication vulnerability in GE products
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
network
low complexity
ge CWE-287
5.3
2019-05-09 CVE-2019-6544 Unspecified vulnerability in GE Communicator 3.15
GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges.
network
high complexity
ge
5.6