variot - var-201708-0289

VAR-201708-0289

Vulnerability from variot - Updated: 2023-12-18 13:29

Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0289",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "multilink ml2400",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml1200",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml1600",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml800",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml810",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ge",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml3100",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml3000",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "ge",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml1200",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml1600",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml2400",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml3000",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml3100",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml800",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "4.2.1"
      },
      {
        "model": "multilink ml810",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "general electric",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml800",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=4.2.1"
      },
      {
        "model": "multilink ml1200",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=4.2.1"
      },
      {
        "model": "multilink ml1600",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=4.2.1"
      },
      {
        "model": "multilink ml2400",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=4.2.1"
      },
      {
        "model": "multilink ml810",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=5.2.0"
      },
      {
        "model": "multilink ml3000",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=5.2.0"
      },
      {
        "model": "multilink ml3100",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "general electric",
        "version": "\u003c=5.2.0"
      },
      {
        "model": "multilink ml3000",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "5.2.0"
      },
      {
        "model": "multilink ml3100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ge",
        "version": "5.2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml810_firmware:5.2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml3000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml3000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml3100_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "5.2.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml3100:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml800_firmware:4.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml1200_firmware:4.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml1600_firmware:4.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:ge:multilink_ml2400_firmware:4.2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      }
    ]
  },
  "cve": "CVE-2015-3976",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-3976",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2015-07693",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-81937",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2015-3976",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-3976",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-07693",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201511-286",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81937",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSA-15-013-04A",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "id": "VAR-201708-0289",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      }
    ],
    "trust": 1.31538464
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:14.780000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "GET-20024",
        "trust": 0.8,
        "url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
      },
      {
        "title": "Patches for multiple GE switch cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/67000"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04a"
      },
      {
        "trust": 1.2,
        "url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3976"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3976"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "date": "2017-08-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "date": "2017-08-28T15:29:01.453000",
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "date": "2015-01-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-11-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-07693"
      },
      {
        "date": "2017-09-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81937"
      },
      {
        "date": "2017-09-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      },
      {
        "date": "2017-09-06T15:01:03.897000",
        "db": "NVD",
        "id": "CVE-2015-3976"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  GE Multilink ML Cross-site scripting vulnerability in switches",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007815"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201511-286"
      }
    ],
    "trust": 0.6
  }
}

CVE-2015-3976 (GCVE-0-2015-3976)

Vulnerability from cvelistv5 – Published: 2017-08-28 15:00 – Updated: 2025-11-04 23:33

Title

GE Multilink Cross-site Scripting

Summary

Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.

Severity ?

No CVSS data available.

CWE

CWE-79

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/news-events/ics-advisories/i…
	http://www.gedigitalenergy.com/products/support/m…	x_refsource_CONFIRM
	https://github.com/cisagov/CSAF/blob/develop/csaf…

Impacted products

Vendor

Product

Version

Multilink ML800/1200/1600/2400

Affected: 0 , ≤ 4.2.1 (custom)

ML810/3000/3100 series switch

Affected: 0 , ≤ 5.2.0 (custom)

Credits

Eireann Leverett of IOActive

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:02.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04A"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Multilink ML800/1200/1600/2400",
          "vendor": "GE",
          "versions": [
            {
              "lessThanOrEqual": "4.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ML810/3000/3100 series switch",
          "vendor": "GE",
          "versions": [
            {
              "lessThanOrEqual": "5.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eireann Leverett of IOActive"
        }
      ],
      "datePublic": "2015-01-13T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\n\nCross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.\n\n\u003c/p\u003e"
            }
          ],
          "value": "Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier."
        }
      ],
      "metrics": [
        {
          "cvssV2_0": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
            "version": "2.0"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T23:33:49.742Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-013-04a.json"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eGE recommends users update switch firmware to the \nlatest published version to resolve these vulnerabilities. The new \nfirmware will enable new keys to be calculated and exchanged, resolve \nthe slow data transfer and potential denial of service, and prevent the identified \ncross-site scripting vulnerabilities. The latest firmware is Version \n5.3.2 for the ML800, ML1200, ML1600 and ML2400 and Version 5.3.2-3K for \nthe ML810, ML3000, and ML3100. This firmware is available through the \n\u201cResources/Software\u201d link in the product web sites at \n\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.gedigitalenergy.com\"\u003ehttp://www.gedigitalenergy.com\u003c/a\u003e. This firmware is also available through \nthe EnerVista Launchpad device management tool.\u003c/p\u003e\n\u003cp\u003eGE recommends updating the switch over a serial connection to prevent an attacker from capturing the new key.\u003c/p\u003e\n\u003cp\u003ePlease refer to the GE advisory for specific information on how to \ninstall the firmware and change RSA key. The GE advisory is available \nat:\u003c/p\u003e\n\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf\"\u003ehttps://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "GE recommends users update switch firmware to the \nlatest published version to resolve these vulnerabilities. The new \nfirmware will enable new keys to be calculated and exchanged, resolve \nthe slow data transfer and potential denial of service, and prevent the identified \ncross-site scripting vulnerabilities. The latest firmware is Version \n5.3.2 for the ML800, ML1200, ML1600 and ML2400 and Version 5.3.2-3K for \nthe ML810, ML3000, and ML3100. This firmware is available through the \n\u201cResources/Software\u201d link in the product web sites at \n http://www.gedigitalenergy.com . This firmware is also available through \nthe EnerVista Launchpad device management tool.\n\n\nGE recommends updating the switch over a serial connection to prevent an attacker from capturing the new key.\n\n\nPlease refer to the GE advisory for specific information on how to \ninstall the firmware and change RSA key. The GE advisory is available \nat:\n\n\n https://www.gedigitalenergy.com/products/support/multilink/MLSB0415.pdf"
        }
      ],
      "source": {
        "advisory": "ICSA-15-013-04",
        "discovery": "EXTERNAL"
      },
      "title": "GE Multilink Cross-site Scripting",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2014-5418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04"
            },
            {
              "name": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf",
              "refsource": "CONFIRM",
              "url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2015-3976",
    "datePublished": "2017-08-28T15:00:00",
    "dateReserved": "2015-05-12T00:00:00",
    "dateUpdated": "2025-11-04T23:33:49.742Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-201708-0289

CVE-2015-3976 (GCVE-0-2015-3976)

Tags

Sightings

Nomenclature