exploitDog

CVE-2022-43976

Опубликовано: 17 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.

Ссылки

https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json
Third Party Advisory
https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ge:ms_3000_firmware:*:*:*:*:*:*:*:*

Версия до 3.7.6.25p0_3.2.2.17p0_4.7p0 (исключая)

cpe:2.3:h:ge:ms_3000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00331

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-306

Связанные уязвимости

GHSA-q47f-r7rj-rfg2

CVSS3: 9.8

github

около 3 лет назад

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.

EPSS

Процентиль: 56%

0.00331

Низкий

9.8 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-306