Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for ge_communicator by ge

    CVE-2019-6566 (GCVE-0-2019-6566)

    Vulnerability from nvd – Published: 2019-05-09 14:51 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:51:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6566",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6566",
        "datePublished": "2019-05-09T14:51:49.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6564 (GCVE-0-2019-6564)

    Vulnerability from nvd – Published: 2019-05-09 14:27 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:27:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6564",
        "datePublished": "2019-05-09T14:27:08.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6548 (GCVE-0-2019-6548)

    Vulnerability from nvd – Published: 2019-05-09 14:28 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:28:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6548",
        "datePublished": "2019-05-09T14:28:07.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6546 (GCVE-0-2019-6546)

    Vulnerability from nvd – Published: 2019-05-09 14:27 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:27:35.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6546",
        "datePublished": "2019-05-09T14:27:35.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6544 (GCVE-0-2019-6544)

    Vulnerability from nvd – Published: 2019-05-09 14:51 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:51:24.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6544",
        "datePublished": "2019-05-09T14:51:24.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7908 (GCVE-0-2017-7908)

    Vulnerability from nvd – Published: 2018-10-02 21:00 – Updated: 2024-09-17 03:12
    VLAI
    Summary
    A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE GE Communicator Affected: Communicator 3.15 and prior.
    Create a notification for this product.
    Date Public
    2018-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
              },
              {
                "name": "99580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99580"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Communicator 3.15 and prior."
                }
              ]
            }
          ],
          "datePublic": "2018-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T09:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
            },
            {
              "name": "99580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99580"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-02T00:00:00",
              "ID": "CVE-2017-7908",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Communicator 3.15 and prior."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
                },
                {
                  "name": "99580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99580"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-7908",
        "datePublished": "2018-10-02T21:00:00.000Z",
        "dateReserved": "2017-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:12:49.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6566 (GCVE-0-2019-6566)

    Vulnerability from cvelistv5 – Published: 2019-05-09 14:51 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.879Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:51:49.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6566",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to replace the uninstaller with a malicious version, which could allow an attacker to gain administrator privileges to the system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6566",
        "datePublished": "2019-05-09T14:51:49.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6544 (GCVE-0-2019-6544)

    Vulnerability from cvelistv5 – Published: 2019-05-09 14:51 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROLS CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROLS CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:51:24.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6544",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, has a service running with system privileges that may allow an unprivileged user to perform certain administrative actions, which may allow the execution of scheduled scripts with system administrator privileges. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROLS CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6544",
        "datePublished": "2019-05-09T14:51:24.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6548 (GCVE-0-2019-6548)

    Vulnerability from cvelistv5 – Published: 2019-05-09 14:28 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:28:07.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6548",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, contains two backdoor accounts with hardcoded credentials, which may allow control over the database. This service is inaccessible to attackers if Windows default firewall settings are used by the end user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6548",
        "datePublished": "2019-05-09T14:28:07.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6546 (GCVE-0-2019-6546)

    Vulnerability from cvelistv5 – Published: 2019-05-09 14:27 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:21.493Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:27:35.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6546",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6546",
        "datePublished": "2019-05-09T14:27:35.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:21.493Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6564 (GCVE-0-2019-6564)

    Vulnerability from cvelistv5 – Published: 2019-05-09 14:27 – Updated: 2024-08-04 20:23
    VLAI
    Summary
    GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade.
    Severity
    No CVSS data available.
    CWE
    • CWE-427 - UNCONTROLLED SEARCH PATH CWE-427
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a GE Communicator Affected: All versions prior to 4.0.517
    Date Public
    2019-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:23:22.042Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 4.0.517"
                }
              ]
            }
          ],
          "datePublic": "2019-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "UNCONTROLLED SEARCH PATH CWE-427",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-05-09T14:27:08.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2019-6564",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 4.0.517"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED SEARCH PATH CWE-427"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2019-6564",
        "datePublished": "2019-05-09T14:27:08.000Z",
        "dateReserved": "2019-01-22T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:23:22.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7908 (GCVE-0-2017-7908)

    Vulnerability from cvelistv5 – Published: 2018-10-02 21:00 – Updated: 2024-09-17 03:12
    VLAI
    Summary
    A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - HEAP-BASED BUFFER OVERFLOW CWE-122
    Assigner
    References
    Impacted products
    Vendor Product Version
    GE GE Communicator Affected: Communicator 3.15 and prior.
    Create a notification for this product.
    Date Public
    2018-10-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:19:29.259Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
              },
              {
                "name": "99580",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99580"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GE Communicator",
              "vendor": "GE",
              "versions": [
                {
                  "status": "affected",
                  "version": "Communicator 3.15 and prior."
                }
              ]
            }
          ],
          "datePublic": "2018-10-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "HEAP-BASED BUFFER OVERFLOW CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-03T09:57:02.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
            },
            {
              "name": "99580",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99580"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-02T00:00:00",
              "ID": "CVE-2017-7908",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "GE Communicator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Communicator 3.15 and prior."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-02"
                },
                {
                  "name": "99580",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99580"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-7908",
        "datePublished": "2018-10-02T21:00:00.000Z",
        "dateReserved": "2017-04-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:12:49.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }