
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2019 — GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system. • https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02 • CWE-284: Improper Access Control

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2019 — GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. • https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02 • CWE-284: Improper Access Control

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2019 — GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user. • https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02 • CWE-798: Use of Hard-coded Credentials

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2019 — GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements. DoBox_CstmBox_Info.model.htm on Kyocera TASKalfa 4002i and 6002i devices allows remote attackers to read arbitrary users' documents via a modified HTTP request. • https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 May 2019 — GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade. • https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02 • CWE-427: Uncontrolled Search Path Element

CVSS: 7.6 • EPSS: 0% • CPEs: 2 • EXPL: 0

02 Oct 2018 — A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls. • http://www.securityfocus.com/bid/99580 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow