
CVSS: 4.9 • EPSS: 0% • CPEs: 16 • EXPL: 0

26 Dec 2022 — Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — GE CIMPICITY versions 2022 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — GE CIMPICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiRootOptionTable, which could allow an attacker to execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 • CWE-824: Access of Uninitialized Pointer

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — GE CIMPICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 • CWE-824: Access of Uninitialized Pointer

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — GE CIMPICITY versions 2022 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 • CWE-122: Heap-based Buffer Overflow

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — GE CIMPICITY versions 2022 and prior are vulnerable when data from a faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-326-04 • CWE-822: Untrusted Pointer Dereference

CVSS: 10.0 • EPSS: 0% • CPEs: 8 • EXPL: 1

21 Oct 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://github.com/alej6/MassCyberCenter-Mentorship-Project- • CWE-121: Stack-based Buffer Overflow

CVSS: 9.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

21 Oct 2022 — This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX 6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-10 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2022 — A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Aug 2022 — An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (