VAR-201509-0298
Vulnerability from variot - Updated: 2023-12-18 12:20GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability but it can bypassed using static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability Attackers can exploit these issue to bypass the authentication mechanism and gain access or to read and delete arbitrary files in the context of the application. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0298",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mds pulsenet",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "3.1.3"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "3.1.5"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "enterprise 3.1.5"
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "mds pulsenet",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "3.1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.1.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-6456",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 1.5,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-06255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6456",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-6456",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlBy using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability but it can bypassed using static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability\nAttackers can exploit these issue to bypass the authentication mechanism and gain access or to read and delete arbitrary files in the context of the application. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6456",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-258-03",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-440",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2922",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6
},
{
"db": "BID",
"id": "76756",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"id": "VAR-201509-0298",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
],
"trust": 1.1714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
]
},
"last_update_date": "2023-12-18T12:20:46.658000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MDS PulseNet Support Documents",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"title": "Patch for GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/64556"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-440/"
},
{
"trust": 1.6,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6456"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6456"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-09-15T00:00:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-18T22:59:05.483000",
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-11-03T19:14:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-23T18:43:47.060000",
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities that gain management access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "76756"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…