Vulnerabilities > GE > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-10 CVE-2018-17925 Unspecified vulnerability in GE Ifix
Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft.
local
low complexity
ge
4.8
2017-10-05 CVE-2017-12732 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GE Intelligent Platforms Proficy Hmi/Scada Cimplicity
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior.
high complexity
ge CWE-119
6.8
2017-08-28 CVE-2015-3976 Cross-site Scripting vulnerability in GE products
Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.
network
low complexity
ge CWE-79
5.4
2017-02-13 CVE-2016-9360 Insufficiently Protected Credentials vulnerability in GE Cimplicity
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions.
local
high complexity
ge CWE-522
6.7
2016-07-15 CVE-2016-5787 Exposure of Resource to Wrong Sphere vulnerability in GE Cimplicity
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.
local
low complexity
ge CWE-668
6.3
2016-02-05 CVE-2016-0862 Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
network
low complexity
ge CWE-200
6.5