CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0CVE-2017-7905
https://notcve.org/view.php?id=CVE-2017-7905
30 Jun 2017 — A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware version... • http://www.securityfocus.com/bid/98063 • CWE-261: Weak Encoding for Password CWE-326: Inadequate Encryption Strength CWE-330: Use of Insufficiently Random Values CWE-522: Insufficiently Protected Credentials •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9360
https://notcve.org/view.php?id=CVE-2016-9360
13 Feb 2017 — An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. Se encontró un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versión 9.0 y versiones anteriores y P... • http://www.securityfocus.com/bid/95630 • CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5788
https://notcve.org/view.php?id=CVE-2016-5788
25 Nov 2016 — General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. General Electric (GE) Bently Nevada 3500/22M USB con firmware en versiones anteriores a 5.0 y Bently Nevada 3500/22M Serial tienen puertos abiertos, lo que facilita a atacantes remotos obtener acceso privilegiado a través de vectores no especificados. • http://www.securityfocus.com/bid/93452 • CWE-254: 7PK - Security Features CWE-285: Improper Authorization •
CVSS: 6.3EPSS: 0%CPEs: 27EXPL: 0CVE-2016-5787
https://notcve.org/view.php?id=CVE-2016-5787
15 Jul 2016 — General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY en versiones anteriores a 8.2 SIM 27 no maneja adecuadamente el servicio DACLs, lo que permite a usuarios locales modificar una configuración de servicio a través de vectores no especificados. • http://www.securityfocus.com/bid/91727 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-2310
https://notcve.org/view.php?id=CVE-2016-2310
09 Jun 2016 — General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface. Switches General Electric (GE) Multilink ML800, ML1200, ML1600 y ML2400 con firmware en versiones anteriores a 5.5.0 y switches ML810, ML3000 y ML3100 con firmware en versiones anteriores a 5.5.0k tienen credenciales embebidas, l... • https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2016-0861 – GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-0861
04 Feb 2016 — General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors. Dispositivos General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter con firmware en versiones anteriores a 4.8 permiten a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores no especificados. GE Industrial Solutions UPS SNMP adapter suffers from command injection and clear-text storage of... • https://packetstorm.news/files/id/135586 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 2CVE-2016-0862 – GE Industrial Solutions UPS SNMP Adapter < 4.8 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-0862
04 Feb 2016 — General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. Dispositivos General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter con firmware en versiones anteriores a 4.8 permiten a usuarios remotos autenticados obtener información de cuenta en texto plano sensible a través de vectores no especificados. GE Industrial Solutions UPS SNMP adapter suffers from... • https://packetstorm.news/files/id/135586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 31%CPEs: 2EXPL: 0CVE-2015-6459 – GE MDS PulseNET FileDownloadServlet Directory Traversal Information Disclosure And Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2015-6459
16 Sep 2015 — Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. Vulnerabilidad de salto de ruta absoluta en la funcionalidad de descarga en FileDownloadServlet en GE Digital Energy MDS PulseNET y MDS PulseNET Enterprise en versiones anteriores a 3.1.5, permite a atacantes remotos leer o eliminar archivos arbitrarios a través de un nomb... • http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2015-6456 – GE MDS PulseNET Hidden Support Account Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6456
16 Sep 2015 — GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Vulnerabilidad en GE Digital Energy MDS PulseNET y MDS PulseNET Enterprise en versiones anteriores a 3.1.5, tienen credenciales embebidos para la cuenta de soporte, lo que permite a atacantes remotos obtener acceso adminitrativo, y consecuenteme... • http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5409
https://notcve.org/view.php?id=CVE-2014-5409
14 Mar 2015 — The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. La tarjeta Ethernet 17046 anterior a 94450214LFMT100SEM-L.R3-CL para el GE Digital Energy Hydran M2 no genera de forma adecuada valores aleatrorios de TCP Initial Sequence Numbers (ISNs), lo que hace más fácil a atacantes remotos suplantar paquetes... • http://libraries.ge.com/download?fileid=642886573101&entity_id=31955841101&sid=101 •