Ge: Security Vulnerabilities
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-26
Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.
CVSS Score
4.6
EPSS Score
0.0
Published
2022-12-26
Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.
CVSS Score
9.8
EPSS Score
0.0
Published
2022-12-26
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-26
GE CIMPICITY versions 2022 and prior is
vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-08
GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-08
GE CIMPICITY versions 2022 and prior is
vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-12-07
GE CIMPICITY versions 2022 and prior is
vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-07
GE CIMPICITY versions 2022 and prior is
vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-12-07
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.
CVSS Score
4.7
EPSS Score
0.003
Published
2022-08-25