CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43494
https://notcve.org/view.php?id=CVE-2022-43494
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46660
https://notcve.org/view.php?id=CVE-2022-46660
An unauthorized user could alter or write files with full control over the path and content of the file. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46732 – CVE-2022-46732
https://notcve.org/view.php?id=CVE-2022-46732
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status. • https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-01 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43977
https://notcve.org/view.php?id=CVE-2022-43977
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43976
https://notcve.org/view.php?id=CVE-2022-43976
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •