CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-9203
https://notcve.org/view.php?id=CVE-2014-9203
07 Feb 2015 — Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. Desbordamiento de buffer en la aplicación Frame Field Device Tool (FDT) en la libraría HART Device Type Manager (DTM), utilizada en MACTek Bu... • http://www.geoilandgas.com/securityadvisory • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2014-5419
https://notcve.org/view.php?id=CVE-2014-5419
17 Jan 2015 — GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. Los switches GE Multilink ML800, ML1200, ML1600, y ML2400 con firmware 4.2.1 y anteriores y los switches... • http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf • CWE-310: Cryptographic Issues •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2355
https://notcve.org/view.php?id=CVE-2014-2355
17 Jan 2015 — The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. Los componentes (1) CimView y (2) CimEdit en GE Proficy HMI/SCADA-CIMPLICITY 8.2 y anteriores permiten a atacantes remotos ganar privilegios a través de un fichero de pantalla CIMPLICITY manipulado (también conocido como .CIM). • https://ics-cert.us-cert.gov/advisories/ICSA-14-289-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2014-5418
https://notcve.org/view.php?id=CVE-2014-5418
17 Jan 2015 — GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. Los switches GE Multilink ML800, ML1200, ML1600, y ML2400 con firmware 4.2.1 y anteriores y los switches Multilink ML810, ML3000, y ML3100 con firmware 5.2.0 y anteriores permiten a atacantes remotos causar una denegación de servicio (co... • http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 22%CPEs: 7EXPL: 0CVE-2014-0751 – GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0751
25 Jan 2014 — Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623. Vulnerabilidad de salto de directorio en CimWebServer.exe (también conocido como el componente WebView) en GE Intelligent Platforms Proficy HMI / SCADA - CIMPLICITY anterior a 8.2 SIM 24 y Proficy P... • http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 28%CPEs: 7EXPL: 2CVE-2014-0750 – GE Proficy CIMPLICITY gefebt.exe File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0750
25 Jan 2014 — Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Vulnerabilidad de recorrido de directorios en gefebt.exe en los componentes WebView CimWeb de GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY hasta 8.2 SIM 24, y Proficy Process Systems with CIMPLICITY, ... • https://packetstorm.news/files/id/125467 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2811
https://notcve.org/view.php?id=CVE-2013-2811
22 Nov 2013 — The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow remote attackers to cause a denial of service (infinite loop) via a crafted DNP3 TCP packet. El driver (1) Catapult DNP3 I/O anterior a la versión 7.2.0.60 y (2) el driver GE Intelligent Platforms Proficy DNP3 I/O anterior a 7.20k, tal y como se usa en DN... • http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2823
https://notcve.org/view.php?id=CVE-2013-2823
22 Nov 2013 — The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and iFIX, allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over a serial line. El driver (1) Catapult DNP3 I/O anterior a la versión 7.2.0.60 y el driver (2) GE Intelligent Platforms Proficy DNP3 I/O anterior a la versió... • http://ics-cert.us-cert.gov/advisories/ICSA-13-297-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 31%CPEs: 4EXPL: 0CVE-2013-2785 – GE Proficy CIMPLICITY CimWebServer Broadcase/Init Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2785
26 Jul 2013 — Multiple buffer overflows in CimWebServer.exe in the WebView component in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.0 SIM 27, 8.1 before SIM 25, and 8.2 before SIM 19, and Proficy Process Systems with CIMPLICITY, allow remote attackers to execute arbitrary code via crafted data in packets to TCP port 10212, aka ZDI-CAN-1621 and ZDI-CAN-1624. Múltiples vulnerabilidades de desbordamiento de búfer en GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY anterior a 8.0 SIM 27, 8.1 anter... • http://ics-cert.us-cert.gov/advisories/ICSA-13-170-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0652
https://notcve.org/view.php?id=CVE-2013-0652
27 Jan 2013 — GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call. GE Intelligent Platforms Proficy Real-Time Information Portal no restringe el acceso a los métodos de una clase Java no especificada, que permite a atacantes remotos obtener una lista de nombres de usuario a través de una llamada RMI. • http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •