General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
References
Link | Resource |
---|---|
http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf | Vendor Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02 | Third Party Advisory US Government Resource |
http://seclists.org/fulldisclosure/2016/Feb/21 | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html | Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/39408/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2016-02-05 03:59
Updated : 2018-10-17 11:47
NVD link : CVE-2016-0862
Mitre link : CVE-2016-0862
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
ge
- snmp\/web_adapter_1024748
- snmp\/web_adapter_1024921
- snmp\/web_adapter_1024746
- snmp\/web_adapter_firmware
- snmp\/web_adapter_1024747