Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

GE — Vulnerabilities & Security Advisories 32

Browse all 32 CVE security advisories affecting GE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

General Electric operates across diverse sectors, including aviation, healthcare, and power generation, with its industrial Internet of Things (IoT) platforms forming a critical infrastructure component. Historically, vulnerabilities within GE’s software ecosystems have frequently involved remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from legacy industrial control systems or web-facing management interfaces. Notable incidents include the 2018 ransomware attack on GE Healthcare, which disrupted MRI and CT scanner operations across multiple hospitals, highlighting the tangible risks of connected medical devices. The current record of 32 Common Vulnerabilities and Exposures underscores persistent challenges in securing heterogeneous hardware and software stacks. These issues typically arise from outdated dependencies, insufficient input validation, and complex network architectures that complicate patch management. Consequently, GE faces ongoing scrutiny regarding its incident response capabilities and the resilience of its critical operational technology against evolving cyber threats.

Top products by GE: UR family CIMPLICITY Multilink ML800/1200/1600/2400 MDS PulseNET and MDS PulseNET Enterprise Voluson S8 Reason RT43X Clocks Proficy HMI/SCADA - CIMPLICITY GE Communicator iFix Aestiva and Aespire GE Ultrasound Products UR bootloader binary Reason RPV311 Proficy HMI/SCADA–CIMPLICITY Hydran M2, containing the 17046 Ethernet option
CVE IDTitleCVSSSeverityPublished
CVE-2022-3092 GE CIMPLICITY Out-of-bounds Write — CIMPLICITYCWE-787 7.8 High2022-12-07
CVE-2022-3084 GE CIMPLICITY Access of Uninitialized Pointer — CIMPLICITYCWE-824 7.8 High2022-12-07
CVE-2022-2952 GE CIMPLICITY Access of Uninitialized Pointer — CIMPLICITYCWE-824 7.8 High2022-12-07
CVE-2022-2948 GE CIMPLICITY Heap-based Buffer Overflow — CIMPLICITYCWE-122 7.8 High2022-12-07
CVE-2022-2002 GE CIMPLICITY Untrusted Pointer Dereference — CIMPLICITYCWE-822 7.8 High2022-12-07
CVE-2020-36549 GE Voluson S8 Windows Operating System Patches privileges management — Voluson S8CWE-269 8.8 High2022-06-17
CVE-2020-36548 GE Voluson S8 Service Browser users.cgi improper authentication — Voluson S8CWE-287 5.9 Medium2022-06-17
CVE-2020-36547 GE Voluson S8 Service Browser hard-coded credentials — Voluson S8CWE-798 5.9 Medium2022-06-17
CVE-2021-27422 GE UR family exposure of sensitive information to an unauthorized actor — UR familyCWE-200 7.5 High2022-03-23
CVE-2021-27426 GE UR family insecure default variable initialization — UR familyCWE-453 9.8 Critical2022-03-23
CVE-2021-27430 GE UR family hardcoded credentials — UR bootloader binaryCWE-798 8.4 High2022-03-23
CVE-2021-27424 GE UR family exposure of sensitive information to an unauthorized actor — UR familyCWE-200 5.3 Medium2022-03-23
CVE-2021-27428 GE UR family Unrestricted Upload of File with Dangerous Type — UR familyCWE-434 9.8 Critical2022-03-23
CVE-2021-27420 GE UR family input validation — UR familyCWE-20 5.3 Medium2022-03-23
CVE-2021-27418 GE UR family input validation — UR familyCWE-20 5.3 Medium2022-03-23
CVE-2020-25193 GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key — Reason RT43X ClocksCWE-321 5.3 Medium2022-03-18
CVE-2020-25197 GE Reason RT43X Clocks Code Injection — Reason RT43X ClocksCWE-94 9.8 Critical2022-03-18
CVE-2021-31477 GE Reason RPV311 信任管理问题漏洞 — Reason RPV311CWE-798 9.8 -2021-06-16
CVE-2020-6977 多款GE产品安全漏洞 — GE Ultrasound ProductsCWE-693 6.8 -2020-02-20
CVE-2019-10966 GE Aestiva和GE Aespire 授权问题漏洞 — Aestiva and AespireCWE-287 5.3 -2019-07-10
CVE-2018-17925 GE iFIX Gigasoft组件安全漏洞 — iFixCWE-623 6.3 -2018-10-10
CVE-2017-7908 GE Communicator Gigasoft 缓冲区错误漏洞 — GE CommunicatorCWE-122 7.6 -2018-10-02
CVE-2018-10615 GE MDS PulseNET和MDS PulseNET Enterprise 路径遍历漏洞 — MDS PulseNET and MDS PulseNET EnterpriseCWE-23 8.1 -2018-06-04
CVE-2018-10613 GE MDS PulseNET和MDS PulseNET Enterprise 安全漏洞 — MDS PulseNET and MDS PulseNET EnterpriseCWE-611 7.5 -2018-06-04
CVE-2018-10611 GE MDS PulseNET和MDS PulseNET Enterprise 授权问题漏洞 — MDS PulseNET and MDS PulseNET EnterpriseCWE-287 9.8 -2018-06-04
CVE-2015-3976 GE Multilink Cross-site Scripting — Multilink ML800/1200/1600/2400CWE-79 5.4 -2017-08-28
CVE-2014-5409 GE Hydran M2 Predictable Value Range from Previous Values — Hydran M2, containing the 17046 Ethernet optionCWE-343 5.3 -2015-03-14
CVE-2014-2355 GE Proficy HMI/SCADA CIMPLICITY CimView — Proficy HMI/SCADA–CIMPLICITYCWE-119 7.8 -2015-01-17
CVE-2014-5418 GE Multilink Uncontrolled Resource Consumption — Multilink ML800/1200/1600/2400CWE-400 7.5 -2015-01-17
CVE-2014-5419 GE Multilink Use of Hard-coded Cryptographic Key — Multilink ML800/1200/1600/2400CWE-321 5.9 -2015-01-17

This page lists every published CVE security advisory associated with GE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.