GECVEs & Vulnerabilities

128 CVEs affecting GE products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

intelligent platforms proficy hmi\/scada cimplicity 34intelligent platforms proficy historian 23intelligent platforms proficy real-time information portal 20cimplicity 15intelligent platforms proficy plant applications 12industrial gateway server 10intelligent platforms proficy hmi\/scada ifix 8ifix 7
CVE-2023-5909HIGH

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

1 Dec 2023
7.5
CVSS
CVE-2023-5908CRITICAL

KEPServerEX is vulnerable to a buffer overflow which may allow an attacker to crash the product being accessed or leak information.

1 Dec 2023
9.1
CVSS
CVE-2023-0898HIGH

General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.

7 Nov 2023
7.3
CVSS
CVE-2023-4487HIGH

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

6 Sep 2023
7.8
CVSS
CVE-2023-3463CRITICAL

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

19 Jul 2023
9.8
CVSS
CVE-2023-1552HIGH

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.  Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. 

11 Apr 2023
7.8
CVSS
CVE-2022-2848CRITICAL

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.

29 Mar 2023
9.1
CVSS
CVE-2022-2825CRITICAL

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.

29 Mar 2023
9.8
CVSS
CVE-2023-0598CRITICAL

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in the expected web server execution path and gain full control of the HMI software.

16 Mar 2023
9.8
CVSS
CVE-2023-0755CRITICAL

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code.

24 Feb 2023
9.8
CVSS
CVE-2023-0754CRITICAL

The affected products are vulnerable to an integer overflow or wraparound, which could  allow an attacker to crash the server and remotely execute arbitrary code.

24 Feb 2023
9.8
CVSS
CVE-2022-46732CRITICAL

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.

18 Jan 2023
9.8
CVSS
CVE-2022-46660MEDIUM

An unauthorized user could alter or write files with full control over the path and content of the file.

18 Jan 2023
6.5
CVSS
CVE-2022-46331HIGH

An unauthorized user could possibly delete any file on the system.

18 Jan 2023
8.1
CVSS
CVE-2022-43494MEDIUM

An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.

18 Jan 2023
6.5
CVSS
CVE-2022-38469HIGH

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

18 Jan 2023
7.5
CVSS
CVE-2022-43977CRITICAL

An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.

18 Jan 2023
9.8
CVSS
CVE-2022-43976CRITICAL

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.

18 Jan 2023
9.8
CVSS
CVE-2022-43975HIGH

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888.

18 Jan 2023
7.5
CVSS
CVE-2022-24120MEDIUM

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

26 Dec 2022
4.6
CVSS
CVE-2022-24119CRITICAL

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0.

26 Dec 2022
9.8
CVSS
CVE-2022-24118CRITICAL

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

26 Dec 2022
9.1
CVSS
CVE-2022-24117CRITICAL

Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.

26 Dec 2022
9.8
CVSS
CVE-2022-24116CRITICAL

Certain General Electric Renewable Energy products have inadequate encryption strength. This affects iNET and iNET II before 8.3.0.

26 Dec 2022
9.8
CVSS
CVE-2022-3092HIGH

GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.

8 Dec 2022
7.8
CVSS
CVE-2022-3084HIGH

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code.

8 Dec 2022
7.8
CVSS
CVE-2022-2952HIGH

GE CIMPICITY versions 2022 and prior is vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

8 Dec 2022
7.8
CVSS
CVE-2022-2948HIGH

GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code.

8 Dec 2022
7.8
CVSS
CVE-2022-2002HIGH

GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.

8 Dec 2022
7.8
CVSS
CVE-2022-37953MEDIUM

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

25 Aug 2022
6.1
CVSS
CVE-2022-37952MEDIUM

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.

25 Aug 2022
6.1
CVSS
CVE-2020-36549HIGH

A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed.

17 Jun 2022
7.8
CVSS
CVE-2020-36548HIGH

A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host.

17 Jun 2022
7.8
CVSS
CVE-2020-36547HIGH

A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings.

17 Jun 2022
7.8
CVSS
CVE-2021-44477HIGH

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.

25 Mar 2022
7.5
CVSS
CVE-2021-27430MEDIUM

GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

23 Mar 2022
6.8
CVSS
CVE-2021-27428CRITICAL

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10.

23 Mar 2022
9.8
CVSS
CVE-2021-27426CRITICAL

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user.

23 Mar 2022
9.8
CVSS
CVE-2021-27424MEDIUM

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the communications guide. GE was made aware a “Last-key pressed” MODBUS register can be used to gain unauthorized information.

23 Mar 2022
5.3
CVSS
CVE-2021-27422HIGH

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication.

23 Mar 2022
7.5
CVSS
CVE-2021-27420MEDIUM

GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.

23 Mar 2022
5.3
CVSS
CVE-2021-27418MEDIUM

GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings.

23 Mar 2022
6.1
CVSS
CVE-2020-25197HIGH

A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.

18 Mar 2022
8.8
CVSS
CVE-2020-25193MEDIUM

By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.

18 Mar 2022
5.3
CVSS
CVE-2022-23921HIGH

Exploitation of this vulnerability may result in local privilege escalation and code execution. GE maintains exploitation of this vulnerability is only possible if the attacker has login access to a machine actively running CIMPLICITY, the CIMPLICITY server is not already running a project, and the server is licensed for multiple projects.

25 Feb 2022
7.8
CVSS
CVE-2022-21798CRITICAL

The affected product is vulnerable due to cleartext transmission of credentials seen in the CIMPLICITY network, which can be easily spoofed and used to log in to make operational changes to the system.

25 Feb 2022
9.8
CVSS
CVE-2021-31477HIGH

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GE Reason RPV311 14A03. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firmware and filesystem of the device. The firmware and filesystem contain hard-coded default credentials. An attacker can leverage this vulnerability to execute code in the context of the download user. Was ZDI-CAN-11852.

17 Jun 2021
7.3
CVSS
CVE-2021-27454HIGH

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1).

25 Mar 2021
7.8
CVSS
← PrevPage 1 / 3Next →
GE CVEs & Vulnerabilities — 128 Tracked