CVE-2015-6456

Опубликовано: 18 сент. 2015

Источник: nvd

CVSS2: 9

EPSS Низкий

Описание

GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password.

Комментарий

CWE-798: Use of Hard-coded Credentials

Ссылки

http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-15-440/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03
Third Party Advisory
US Government Resource
http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9
Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-15-440/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*

Версия до 3.1.3 (включая)

cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*

Версия до 3.1.3 (включая)

EPSS

Процентиль: 81%

0.01506

Низкий

9 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-992j-h966-88v9

github

больше 3 лет назад