GE : Security Vulnerabilities, CVEs, (Directory traversal)
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888.
Max CVSS
7.5
EPSS Score
0.14%
Published
2023-01-17
Updated
2023-01-30
GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information.
Max CVSS
7.5
EPSS Score
0.22%
Published
2018-12-14
Updated
2019-10-09
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
Max CVSS
8.1
EPSS Score
0.17%
Published
2018-06-04
Updated
2019-10-09
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.
Max CVSS
10.0
EPSS Score
61.43%
Published
2015-09-18
Updated
2015-09-23
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted message to TCP port 10212, aka ZDI-CAN-1623.
Max CVSS
7.5
EPSS Score
41.38%
Published
2014-01-25
Updated
2014-02-21
CVE-2014-0750
Public exploit
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
Max CVSS
7.5
EPSS Score
38.43%
Published
2014-01-25
Updated
2014-02-21
CVE-2013-0653
Public exploit
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet.
Max CVSS
4.3
EPSS Score
2.17%
Published
2013-01-27
Updated
2013-01-29
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings.
Max CVSS
6.4
EPSS Score
10.02%
Published
2012-03-15
Updated
2012-11-01
8 vulnerabilities found