Shodan
Vulnerabilities
Vulnerable Software
Ge:  Security Vulnerabilities
CVE-2023-0755
The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.016
Published
2023-02-23
CVE-2022-43494
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-18
CVE-2022-46331
An unauthorized user could possibly delete any file on the system.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-01-18
CVE-2022-46660
An unauthorized user could alter or write files with full control over the path and content of the file.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-18
CVE-2022-46732
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-01-18
CVE-2022-38469
An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-18
CVE-2022-43977
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-17
CVE-2022-43975
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-01-17
CVE-2022-43976
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-01-17
CVE-2022-24118
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVSS Score
9.1
EPSS Score
0.0
Published
2022-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved