CVE-2016-0862

Опубликовано: 05 фев. 2016

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Средний

Описание

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.

Ссылки

http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf
Vendor Advisory
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/21
Mailing List
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39408/
Third Party Advisory
VDB Entry
http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf
Vendor Advisory
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/21
Mailing List
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02
Third Party Advisory
US Government Resource
https://www.exploit-db.com/exploits/39408/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ge:snmp\/web_adapter_firmware:*:*:*:*:*:*:*:*

Версия до 4.7 (включая)

Одно из

cpe:2.3:h:ge:snmp\/web_adapter_1024746:-:*:*:*:*:*:*:*

cpe:2.3:h:ge:snmp\/web_adapter_1024747:-:*:*:*:*:*:*:*

cpe:2.3:h:ge:snmp\/web_adapter_1024748:-:*:*:*:*:*:*:*

cpe:2.3:h:ge:snmp\/web_adapter_1024921:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19227

Средний

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2p48-mg67-hr6x