107 vulnerabilities by General Electric
VAR-201501-0439
Vulnerability from variot - Updated: 2025-11-19 23:16
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. Because the key is identical on every affected unit, its disclosure from any one firmware image undermines the confidentiality of encrypted traffic for every installation running that firmware. The General Electric Company is the world's largest manufacturer of electrical and electronic equipment. Multiple General Electric (GE) products contain security vulnerabilities that allow an attacker to obtain sensitive information, perform unauthorized operations, or initiate a denial-of-service attack. This may lead to further attacks. Note that the record below carries differing CVSS v2 base scores by source (5.0 from NVD, 10.0 from ICS-CERT) and lists ICS-CERT advisory ICSA-15-013-04 and a GE bulletin under its "external_ids" and "patch" entries.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "electric ge multilink ml800",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1200",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1600",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml2400 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric ge multilink ml810",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3000",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3100 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "5.2.0"
},
{
"model": "electric multilink ml810",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml800",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml3100",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml3000",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml2400",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1600",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1200",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml810",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml800",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml3100",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml3000",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml2400",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1600",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1200",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800/ml1200//ml1600/ml2400",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml810/ml3000//ml3100",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=5.2.0"
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett of IOActive",
"sources": [
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5419",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5419",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00451",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "a90487d2-2351-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-73360",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5419",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5419",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5419",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00451",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-348",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73360",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers\u0027 installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. The General Electric Company is the world\u0027s largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have security vulnerabilities that allow an attacker to exploit this vulnerability to obtain sensitive information, perform unauthorized operations, or initiate a denial of service attack. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5419"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73360"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5419",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04",
"trust": 3.4
},
{
"db": "BID",
"id": "72069",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00451",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735",
"trust": 0.8
},
{
"db": "IVD",
"id": "A90487D2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73360",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"id": "VAR-201501-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
}
],
"trust": 1.5322115600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
}
]
},
"last_update_date": "2025-11-19T23:16:34.117000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RSA Private Key \u0026 DoS Vulnerabilty",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
},
{
"title": "Patches with built-in key security bypass vulnerabilities for multiple General Electric (GE) products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54111"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-321",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04"
},
{
"trust": 1.7,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/72069"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5419"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"db": "VULHUB",
"id": "VHN-73360"
},
{
"db": "BID",
"id": "72069"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a90487d2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"date": "2015-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-73360"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72069"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"date": "2015-01-17T02:59:02.600000",
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00451"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-73360"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72069"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-348"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007735"
},
{
"date": "2025-11-05T00:15:34.213000",
"db": "NVD",
"id": "CVE-2014-5419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE MultiLink ML Series Switch Firmware Vulnerability to Retrieve Plain Text Content of Network Traffic",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-348"
}
],
"trust": 0.6
}
}
VAR-201501-0438
Vulnerability from variot - Updated: 2025-11-19 23:16
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. The General Electric Company is the world's largest manufacturer of electrical and electronic equipment. Multiple General Electric (GE) products have a denial-of-service vulnerability that allows an attacker to submit a special message that consumes switch resources and restarts the device. An attacker can exploit this issue to exhaust the switch's resources and cause the device to reboot, resulting in a denial-of-service condition. There are security vulnerabilities in several GE switches.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0438",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1200",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "electric ge multilink ml800",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1200",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml1600",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml2400 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric ge multilink ml810",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3000",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"model": "electric ge multilink ml3100 switches with",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "5.2.0"
},
{
"model": "electric multilink ml810",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml800",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml3100",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml3000",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric multilink ml2400",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1600",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml1200",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "4.2"
},
{
"model": "electric multilink ml810",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml800",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml3100",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml3000",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.2"
},
{
"model": "electric multilink ml2400",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1600",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "electric multilink ml1200",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml3100",
"scope": null,
"trust": 0.2,
"vendor": "ge",
"version": null
},
{
"model": "multilink ml810/ml3000//ml3100",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml800/ml1200/ml1600/ml2400",
"scope": "lte",
"trust": 0.2,
"vendor": "ge",
"version": "\u003c=4.2.1"
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1200",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml1600",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml2400",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml3100",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml800",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:multilink_ml810",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eireann Leverett of IOActive",
"sources": [
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5418",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5418",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-73359",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5418",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5418",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-5418",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-00450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-349",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-73359",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service (resource consumption or reboot) via crafted packets. The General Electric Company is the world\u0027s largest manufacturer of electrical equipment, electrical and electronic equipment. Multiple General Electric (GE) products have a denial of service vulnerability that allows an attacker to exploit a vulnerability to submit a special message to consume switch resources and restart the device. \nAn attacker can exploit this issue to exhaust the switch resources and cause the device to reboot; causing denial-of-service condition. There are security vulnerabilities in several GE switches",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5418"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-73359"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5418",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04",
"trust": 3.4
},
{
"db": "BID",
"id": "72066",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00450",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734",
"trust": 0.8
},
{
"db": "IVD",
"id": "A9025E9E-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-73359",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"id": "VAR-201501-0438",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
}
],
"trust": 1.5322115600000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
}
]
},
"last_update_date": "2025-11-19T23:16:34.076000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RSA Private Key \u0026 DoS Vulnerabilty",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf"
},
{
"title": "Patches for denial of service vulnerabilities in multiple General Electric (GE) products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54201"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
},
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04"
},
{
"trust": 1.7,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5418"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5418"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72066/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72066"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"db": "VULHUB",
"id": "VHN-73359"
},
{
"db": "BID",
"id": "72066"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"date": "2015-01-17T00:00:00",
"db": "VULHUB",
"id": "VHN-73359"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72066"
},
{
"date": "2015-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"date": "2015-01-17T02:59:01.223000",
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00450"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-73359"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "72066"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-349"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007734"
},
{
"date": "2025-11-05T00:15:34.043000",
"db": "NVD",
"id": "CVE-2014-5418"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE MultiLink ML Service disruption in series switch firmware (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "a9025e9e-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-349"
}
],
"trust": 0.8
}
}
VAR-201503-0371
Vulnerability from variot - Updated: 2025-11-18 15:34
The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information: the vulnerability type has been identified as CWE-330: Use of Insufficiently Random Values. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0371",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hydran m2",
"scope": null,
"trust": 1.2,
"vendor": "ge",
"version": null
},
{
"model": "hydran m2",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "*"
},
{
"model": "hydran m2",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric hydran m2",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "hydran m2",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:hydran_m2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech.",
"sources": [
{
"db": "BID",
"id": "73026"
}
],
"trust": 0.3
},
"cve": "CVE-2014-5409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-5409",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01827",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-5409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-5409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5409",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-01827",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-323",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. Supplementary information : CWE Vulnerability type by CWE-330: Use of Insufficiently Random Values ( Insufficient random value used ) Has been identified. The GE Hydran M2 is a fault gas and moisture detection solution. General Electric (GE) Hydran M2 is prone to a predictable random number generator weakness",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5409"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5409",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-041-02",
"trust": 3.3
},
{
"db": "BID",
"id": "73026",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-01827",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977",
"trust": 0.8
},
{
"db": "IVD",
"id": "9CA20A14-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"id": "VAR-201503-0371",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
}
],
"trust": 1.425
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
}
]
},
"last_update_date": "2025-11-18T15:34:02.847000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hydran M2",
"trust": 0.8,
"url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
},
{
"title": "GE Hydran M2 can guess patches for TCP initialization sequence vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/56375"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-343",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-041-02"
},
{
"trust": 1.6,
"url": "http://libraries.ge.com/download?fileid=642886573101\u0026entity_id=31955841101\u0026sid=101"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-041-02"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-041-02.json"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5409"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5409"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://www.gedigitalenergy.com/md/catalog/hydranm2.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"db": "BID",
"id": "73026"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "IVD",
"id": "9ca20a14-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73026"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"date": "2015-03-14T01:59:00.067000",
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01827"
},
{
"date": "2015-03-10T00:00:00",
"db": "BID",
"id": "73026"
},
{
"date": "2015-03-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-323"
},
{
"date": "2015-03-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007977"
},
{
"date": "2025-11-03T19:15:39.013000",
"db": "NVD",
"id": "CVE-2014-5409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy Hydran M2 for 17046 Ethernet Vulnerability in a packet being spoofed",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007977"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "73026"
}
],
"trust": 0.3
}
}
VAR-201708-0289
Vulnerability from variot - Updated: 2025-11-18 15:22
A cross-site scripting (XSS) vulnerability exists in GE Multilink ML810/3000/3100 series switches with firmware 5.2.0 and earlier and in GE Multilink ML800/1200/1600/2400 switches with firmware 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilink ml1200",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml800",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml2400",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.2.1"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "4.2.1"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.2.0"
},
{
"model": "multilink ml800",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml1200",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml1600",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml2400",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=4.2.1"
},
{
"model": "multilink ml810",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3000",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3100",
"scope": "lte",
"trust": 0.6,
"vendor": "general electric",
"version": "\u003c=5.2.0"
},
{
"model": "multilink ml3000",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.2.0"
},
{
"model": "multilink ml3100",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml1600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml2400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml3100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilink_ml810_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
]
},
"cve": "CVE-2015-3976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2015-3976",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-3976",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-07693",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-81937",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"id": "CVE-2015-3976",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2015-3976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-3976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-07693",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-286",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-81937",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. A remote attacker can exploit the vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3976"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-15-013-04A",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2015-3976",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07693",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-81937",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"id": "VAR-201708-0289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
}
],
"trust": 1.31538464
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
}
]
},
"last_update_date": "2025-11-18T15:22:25.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GET-20024",
"trust": 0.8,
"url": "http://www.gegridsolutions.com/products/support/multilink/MLSB0415.pdf"
},
{
"title": "Patches for multiple GE switch cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-013-04a"
},
{
"trust": 1.2,
"url": "http://www.gegridsolutions.com/products/support/multilink/mlsb0415.pdf"
},
{
"trust": 1.0,
"url": "http://www.gedigitalenergy.com/products/support/multilink/mlsb1214.pdf"
},
{
"trust": 1.0,
"url": "https://github.com/cisagov/csaf/blob/develop/csaf_files/ot/white/2015/icsa-15-013-04a.json"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3976"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3976"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"db": "VULHUB",
"id": "VHN-81937"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"date": "2017-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-81937"
},
{
"date": "2015-01-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"date": "2017-08-28T15:29:01.453000",
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07693"
},
{
"date": "2017-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-81937"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-286"
},
{
"date": "2017-09-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007815"
},
{
"date": "2025-11-05T00:15:34.387000",
"db": "NVD",
"id": "CVE-2015-3976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Multilink ML Cross-site scripting vulnerability in switches",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007815"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-286"
}
],
"trust": 0.6
}
}
VAR-201501-0149
Vulnerability from variot - Updated: 2025-10-04 23:32
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. GE Intelligent Platforms Proficy HMI/SCADA–iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy HMI/SCADA-CIMPLICITY has multiple local buffer overflow vulnerabilities that allow a local attacker to execute arbitrary code in the context of an application. Failed exploit attempts may result in a denial-of-service condition. Note that the aggregated sources differ on the attack vector: the first sentence says remote attackers, while every CVSS v2 vector in this record lists local access (AV:L) and the threat type is given as local.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0149",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"model": "proficy hmi/scada - cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "proficy hmi/scada-cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "8.2"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Said Arfi",
"sources": [
{
"db": "BID",
"id": "72096"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2355",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2014-2355",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 2.7,
"id": "CVE-2014-2355",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-00443",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "a8fff370-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2355",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-2355",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00443",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-366",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file. GE Intelligent Platforms Proficy HMI/SCADA\\342\\200\\223iFIX is the world\u0027s leading industrial automation software solution that provides process visualization, data acquisition and data monitoring for production operations. GE Proficy HMI/SCADA-CIMPLICITY has multiple local buffer overflow vulnerabilities that allow a local attacker to exploit this vulnerability to execute arbitrary code in the context of an application. Failed exploit attempts may result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2355"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2355",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-289-02",
"trust": 2.4
},
{
"db": "BID",
"id": "72096",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733",
"trust": 0.8
},
{
"db": "IVD",
"id": "A8FFF370-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"id": "VAR-201501-0149",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
}
],
"trust": 1.5051282000000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
}
]
},
"last_update_date": "2025-10-04T23:32:31.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Proficy HMI/SCADA CIMPLICITY",
"trust": 0.8,
"url": "http://www.ge-ip.com/jp/products/proficy-hmi-scada-cimplicity/"
},
{
"title": "GE Proficy HMI/SCADA-CIMPLICITY has multiple patches for local buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/54206"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-289-02"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2355"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-289-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2355"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72096"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"date": "2014-10-16T00:00:00",
"db": "BID",
"id": "72096"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"date": "2015-01-17T02:59:00.067000",
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00443"
},
{
"date": "2015-01-21T00:01:00",
"db": "BID",
"id": "72096"
},
{
"date": "2015-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-366"
},
{
"date": "2015-01-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007733"
},
{
"date": "2025-10-03T17:15:45.633000",
"db": "NVD",
"id": "CVE-2014-2355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "72096"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy HMI/SCADA-CIMPLICITY Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a8fff370-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-366"
}
],
"trust": 0.8
}
}
VAR-201401-0365
Vulnerability from variot - Updated: 2025-08-24 23:08
The CIMPLICITY Web-based access component, CimWebServer, does not check the location of shell files being loaded into the system. By modifying the source location, an attacker could send shell code to the CimWebServer which would deploy the nefarious files as part of any SCADA project. This could allow the attacker to execute arbitrary code. CimWebServer.exe (also known as the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY contains a directory traversal vulnerability. The Zero Day Initiative numbered this vulnerability ZDI-CAN-1623. A third party could execute arbitrary code via a crafted message to TCP port 10212. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. GE Proficy CIMPLICITY is monitoring software developed by GE and one of the industry's leading HMI/SCADA packages. The following products are affected: Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.2; Proficy Process Systems with CIMPLICITY.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"_id": null,
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.1"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 to 8.2"
},
{
"_id": null,
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "proficy cimplicity",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"_id": null,
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.01-8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi 2fscada cimplicity",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy process with cimplicity",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
]
},
"credits": {
"_id": null,
"data": "ZombiE and amisto0x07",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0751",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0751",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-0751",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.7,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-00675",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0751",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0751",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0751",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-0751",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00675",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-524",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"description": {
"_id": null,
"data": "The CIMPLICITY Web-based access component, CimWebServer, does not check \nthe location of shell files being loaded into the system. By modifying \nthe source location, an attacker could send shell code to the \nCimWebServer which would deploy the nefarious files as part of any SCADA\n project. This could allow the attacker to execute arbitrary code. GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY of CimWebServer.exe ( alias WebView component ) Contains a directory traversal vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1623 Was numbered.By a third party TCP port 10212 Arbitrary code could be executed via a crafted message to. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter validation on the szScreen field. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software. \nThe following products are affected:\nProficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2\nProficy Process Systems with CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0751"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "BID",
"id": "65117"
},
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0751",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-023-01",
"trust": 3.0
},
{
"db": "BID",
"id": "65117",
"trust": 1.9
},
{
"db": "BID",
"id": "65124",
"trust": 1.0
},
{
"db": "CNVD",
"id": "CNVD-2014-00675",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1623",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-016",
"trust": 0.7
},
{
"db": "IVD",
"id": "4369D8B8-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "BID",
"id": "65117"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"id": "VAR-201401-0365",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
}
],
"trust": 1.5099878000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
}
]
},
"last_update_date": "2025-08-24T23:08:30.083000Z",
"patch": {
"_id": null,
"data": [
{
"title": "KB15940",
"trust": 0.8,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15940"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"title": "Multiple General Electric product shell upload vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43199"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-023-01"
},
{
"trust": 1.6,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15940"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65124"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65117"
},
{
"trust": 1.0,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15939"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0751"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0751"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-016"
},
{
"db": "CNVD",
"id": "CNVD-2014-00675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
},
{
"db": "NVD",
"id": "CVE-2014-0751"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"db": "BID",
"id": "65117",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65117",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"date": "2014-01-25T22:55:04.583000",
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-016",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00675",
"ident": null
},
{
"date": "2014-02-17T03:56:00",
"db": "BID",
"id": "65117",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001258",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-524",
"ident": null
},
{
"date": "2025-08-22T23:15:30.233000",
"db": "NVD",
"id": "CVE-2014-0751",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001258"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4369d8b8-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-524"
}
],
"trust": 0.8
}
}
VAR-201401-0364
Vulnerability from variot - Updated: 2025-08-23 23:23
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Zero Day Initiative has numbered this vulnerability ZDI-CAN-1622. A third party may execute arbitrary code via a skillfully crafted HTTP request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component performs insufficient parameter validation on an HTTP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is monitoring software developed by GE and one of the industry's leading HMI/SCADA packages. The gefebt.exe component of GE Proficy CIMPLICITY CimWebServer fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it in a server-side script to execute arbitrary code. The following products are affected: Proficy HMI/SCADA - CIMPLICITY versions 4.01 through 8.2; Proficy Process Systems with CIMPLICITY.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "7.5"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.0"
},
{
"_id": null,
"model": "intelligent platforms proficy process systems with cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "4.01"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "8.1"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": "proficy hmi/scada - cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "4.01 to 8.2"
},
{
"_id": null,
"model": "proficy process systems with cimplicity",
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "proficy cimplicity",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "electric proficy process systems with cimplicity",
"scope": null,
"trust": 0.6,
"vendor": "general",
"version": null
},
{
"_id": null,
"model": "electric proficy hmi/scada \\342\\200\\223 cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "4.01-8.2"
},
{
"_id": null,
"model": "intelligent platforms proficy hmi\\%2fscada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi 2fscada cimplicity",
"version": "*"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "4.01"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "7.5"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.0"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.1"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "8.2"
},
{
"_id": null,
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy process with cimplicity",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_hmi%2Fscada_cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:intelligent_platforms_proficy_process_systems_with_cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
]
},
"credits": {
"_id": null,
"data": "ZombiE and amisto0x07",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
}
],
"trust": 0.7
},
"cve": "CVE-2014-0750",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0750",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 3.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00669",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-0750",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0750",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-0750",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2014-0750",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-00669",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-523",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"description": {
"_id": null,
"data": "Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-1622 Was numbered.Skillfully crafted by a third party HTTP Arbitrary code may be executed via a request. Authentication is not required to exploit this vulnerability. The specific flaw exists within the gefebt.exe component. This component performs insufficient parameter validation on an HTTP request. Successful exploitation will allow an attacker to upload and execute an arbitrary file on the target server. GE Proficy CIMPLICITY is a monitoring software developed by GE and one of the industry\u0027s leading HMI/SCADA software. GE Proficy CIMPLICITY CimWebServer The gefebt.exe component fails to properly check the location of shell files loaded into the system. By modifying the source location, an attacker can send shell code to CimWebServer and deploy it in a server-side script to execute arbitrary code. \nThe following products are affected:\nProficy HMI/SCADA - CIMPLICITY 4.01 through versions 8.2\nProficy Process Systems with CIMPLICITY",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "BID",
"id": "65124"
},
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
}
],
"trust": 3.24
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-0750",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-14-023-01",
"trust": 3.0
},
{
"db": "BID",
"id": "65124",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2014-00669",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-1622",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-14-015",
"trust": 0.7
},
{
"db": "IVD",
"id": "4371F0A2-2352-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "BID",
"id": "65124"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"id": "VAR-201401-0364",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
}
],
"trust": 1.5099878000000002
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
}
]
},
"last_update_date": "2025-08-23T23:23:32.051000Z",
"patch": {
"_id": null,
"data": [
{
"title": "KB15939",
"trust": 0.8,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=KB15939"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-023-01"
},
{
"title": "Patches for multiple Generel Electric products \u0027gefebt.exe\u0027 shell upload vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43195"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-14-023-01"
},
{
"trust": 1.6,
"url": "http://support.ge-ip.com/support/index?page=kbchannel\u0026id=kb15939"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/65124"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-023-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0750"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0750"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-015"
},
{
"db": "CNVD",
"id": "CNVD-2014-00669"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
},
{
"db": "NVD",
"id": "CVE-2014-0750"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"db": "BID",
"id": "65124",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-01-28T00:00:00",
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d",
"ident": null
},
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"date": "2014-01-23T00:00:00",
"db": "BID",
"id": "65124",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"date": "2014-01-25T22:55:04.550000",
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "ZDI",
"id": "ZDI-14-015",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00669",
"ident": null
},
{
"date": "2015-07-15T00:14:00",
"db": "BID",
"id": "65124",
"ident": null
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001257",
"ident": null
},
{
"date": "2014-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-523",
"ident": null
},
{
"date": "2025-08-22T23:15:29.763000",
"db": "NVD",
"id": "CVE-2014-0750",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY and Proficy Process Systems with CIMPLICITY Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001257"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "4371f0a2-2352-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-523"
}
],
"trust": 0.8
}
}
VAR-201706-0659
Vulnerability from variot - Updated: 2025-04-20 23:42
A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector, leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. Multiple General Electric (GE) products contain cryptographic vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to obtain a user password from the front panel or through a Modbus command and gain unauthorized access to GE Multilin SR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0659",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "multilin urplus b95",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin sr 369 motor protection relay",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin urplus d90",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin urplus c90",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "multilin sr 760 feeder protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 745 transformer protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2.85"
},
{
"model": "multilin sr 750 feeder protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 489 generator protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "1.53"
},
{
"model": "multilin universal relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "6.0"
},
{
"model": "multilin sr 469 motor protection relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "2.90"
},
{
"model": "sr 369 motor protection relay",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "sr 469 motor protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.23"
},
{
"model": "sr 489 generator protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "4.06"
},
{
"model": "sr 745 transformer protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.23"
},
{
"model": "sr 750 feeder protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "7.47"
},
{
"model": "sr 760 feeder protection relay",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "7.47"
},
{
"model": "universal relay",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "urplus b95",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "urplus c90",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "urplus d90",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "750\u003c7.47"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "760\u003c7.47"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "469\u003c5.23"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "489\u003c4.06"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "745\u003c5.23"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "750"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "760"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "745"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "489"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "469"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "369"
},
{
"model": "multilin sr 489 generator protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "1.53"
},
{
"model": "multilin sr 750 feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.02"
},
{
"model": "multilin sr 745 transformer protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "2.85"
},
{
"model": "multilin sr 469 motor protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "2.90"
},
{
"model": "multilin universal relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "6.0"
},
{
"model": "multilin sr 760 feeder protection relay",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.02"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 750 feeder protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus b95",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 760 feeder protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 469 motor protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 489 generator protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 745 transformer protection relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin sr 369 motor protection relay",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin universal relay",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus d90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "multilin urplus c90",
"version": null
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7600"
},
{
"model": "feeder protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7500"
},
{
"model": "transformer protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7450"
},
{
"model": "generator protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4890"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4690"
},
{
"model": "motor protection relay",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3690"
},
{
"model": "feeder protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7607.47"
},
{
"model": "feeder protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7507.47"
},
{
"model": "transformer protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7455.23"
},
{
"model": "generator protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "4894.06"
},
{
"model": "motor protection relay",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "4695.23"
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_369_motor_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_469_motor_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_489_generator_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_745_transformer_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_750_feeder_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_sr_760_feeder_protection_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_universal_relay_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_b95_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_c90_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:multilin_urplus_d90_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Charalambos Konstantinou, Anastasis Keliris, Marios Sazos, and Dr. Michail (Mihalis) Maniatakos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
},
"cve": "CVE-2017-7905",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-7905",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-05694",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-07261",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "d9b1473e-6988-4096-86db-42efea36309a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-116108",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-7905",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-7905",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-7905",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-05694",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-07261",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-173",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116108",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector, leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands. Multiple General Electric (GE) products contain cryptographic vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). The GE Multilin SR Relay Protector has an unauthorized access vulnerability that allows an attacker to gain access to a user password from a front panel or Modbus command and gain unauthorized access to GE Multilin SR Series Relay Protector products. GE 750 Feeder Protection Relay and others are relay products of General Electric (GE) of the United States. Security vulnerabilities exist in several GE products due to weak passwords used by programs. An attacker could exploit this vulnerability to gain access to the system.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-7905"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "VULHUB",
"id": "VHN-116108"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-7905",
"trust": 4.4
},
{
"db": "BID",
"id": "98063",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01A",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-05694",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-07261",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-117-01B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682",
"trust": 0.8
},
{
"db": "IVD",
"id": "5DD457B7-DA91-43E9-BBCF-14025AD4CF1C",
"trust": 0.2
},
{
"db": "IVD",
"id": "D9B1473E-6988-4096-86DB-42EFEA36309A",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-116108",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"id": "VAR-201706-0659",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
}
],
"trust": 2.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.6
}
],
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
}
]
},
"last_update_date": "2025-04-20T23:42:12.599000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gegridsolutions.com/index.htm"
},
{
"title": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92971"
},
{
"title": "Patches for multiple GE product weak password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/94150"
},
{
"title": "Multiple GE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69825"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-261",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/98063"
},
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01a"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7905"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-117-01b"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7905"
},
{
"trust": 0.3,
"url": "https://www.gegridsolutions.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"db": "VULHUB",
"id": "VHN-116108"
},
{
"db": "BID",
"id": "98063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"date": "2017-05-23T00:00:00",
"db": "IVD",
"id": "d9b1473e-6988-4096-86db-42efea36309a"
},
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-116108"
},
{
"date": "2017-04-27T00:00:00",
"db": "BID",
"id": "98063"
},
{
"date": "2017-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"date": "2017-06-30T03:29:00.890000",
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05694"
},
{
"date": "2017-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07261"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-116108"
},
{
"date": "2017-05-02T00:11:00",
"db": "BID",
"id": "98063"
},
{
"date": "2017-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005682"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-173"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-7905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Multilin SR Relay Protector Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5dd457b7-da91-43e9-bbcf-14025ad4cf1c"
},
{
"db": "CNVD",
"id": "CNVD-2017-05694"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-173"
}
],
"trust": 0.6
}
}
VAR-201702-0859
Vulnerability from variot - Updated: 2025-04-20 23:33
An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local attackers can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ifix",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.8"
},
{
"model": "historian",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "6.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "historian",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "5.8 sim 13"
},
{
"model": "electric proficy historian",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=6.0"
},
{
"model": "electric proficy hmi/scada cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "electric proficy hmi/scada ifix sim",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=5.813"
},
{
"model": "historian",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "6.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "5.8"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.813"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.1"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.0"
},
{
"model": "proficy hmi/scada ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "8.0"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "6.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "5.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.5"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "4.0"
},
{
"model": "proficy historian",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "3.5"
},
{
"model": "proficy hmi/scada ifix sim",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "5.814"
},
{
"model": "proficy hmi/scada cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": "proficy historian",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cimplicity",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "historian",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ifix",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:cimplicity",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:historian",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:ifix",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "95630"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9360",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2016-9360",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "CNVD-2017-00906",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.9,
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-9360",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9360",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9360",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9360",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session. GE Proficy HMI/SCADA-CIMPLICITY is a client/server based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling visualization of processes, equipment, and resource monitoring operations. Proficy Historian is a factory system that collects, archives and distributes a large amount of real-time data at high speed, which significantly improves operational visibility and profit and loss settlement lines. Local attackers can exploit this vulnerability to obtain sensitive information. Multiple GE products are prone to a local information-disclosure vulnerability.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9360"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9360",
"trust": 3.5
},
{
"db": "BID",
"id": "95630",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1037809",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-336-05A",
"trust": 1.6
},
{
"db": "CNVD",
"id": "CNVD-2017-00906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952",
"trust": 0.8
},
{
"db": "IVD",
"id": "8E677A52-D1D3-4559-96BD-040386314B48",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"id": "VAR-201702-0859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
],
"trust": 1.4471789899999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
}
]
},
"last_update_date": "2025-04-20T23:33:01.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/CC_Home"
},
{
"title": "Patches for multiple GE product local information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/88599"
},
{
"title": "Multiple GE Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67287"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/95630"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05a"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id/1037809"
},
{
"trust": 1.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9360"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9360"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-336-05 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"db": "BID",
"id": "95630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "IVD",
"id": "8e677a52-d1d3-4559-96bd-040386314b48"
},
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-17T00:00:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2017-01-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"date": "2017-02-13T21:59:02.050000",
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00906"
},
{
"date": "2017-01-23T03:11:00",
"db": "BID",
"id": "95630"
},
{
"date": "2017-03-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007952"
},
{
"date": "2022-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-692"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-9360"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "95630"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in multiple General Electric Proficy products that allows user passwords to be obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007952"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-692"
}
],
"trust": 0.6
}
}
VAR-201709-0051
Vulnerability from variot - Updated: 2025-04-20 23:21
OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. Because many embedded devices use non-unique X.509 certificates and SSH host keys, they may be exposed to attacks such as impersonation, man-in-the-middle attacks, and decryption of communication contents. The encryption key is hard-coded (CWE-321). According to a survey by Stefan Viehböck of SEC Consult, many embedded devices that are accessible from the Internet are said to use non-unique X.509 certificates and SSH host keys. A device can be determined to be vulnerable if it uses a certificate whose fingerprint matches a hard-coded key in a firmware image or the data in scans.io, a repository of Internet scan results (in particular the SSH results and the SSL certificates). Affected devices cover a wide range of products, from household routers and IP cameras to VoIP products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH results https://scans.io/series/ssh-rsa-full-ipv4 SSL certificates https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is confined to a limited product line of a specific developer, but there are also several examples where multiple developers use the same certificate or key. The root cause in these cases is the use of firmware developed with a common SDK, or of ISP-provided OEM device firmware. Vulnerable equipment may be exposed to impersonation, man-in-the-middle attacks, or decryption of communication contents.
An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For the survey results and more information on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post. Certificates https://www.sec-consult.com/download/certificates.html SSH host keys https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html A remote attacker may be able to conduct impersonation or man-in-the-middle attacks, or decrypt communication contents. As a result, confidential information may be leaked. Unify OpenStage 60 and so on are all IP phones from Unify. A remote attacker could exploit the vulnerability to conduct a man-in-the-middle attack or decrypt communication between legitimate users and devices
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0051",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openscape desk phone ip 35g hfa",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openscape desk phone ip 55g sip",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openstage 60",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openstage 20",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openscape desk phone ip 35g eco sip",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openstage 40",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openscape desk phone ip 55g hfa",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openstage 20e",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openscape desk phone ip 35g sip",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": "openstage 15",
"scope": "eq",
"trust": 1.6,
"vendor": "unify",
"version": "3.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "actiontec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unify",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "openstage",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "60"
},
{
"model": "openscape desk phone ip 55g sip",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "v3"
},
{
"model": "openscape desk phone ip 35g sip",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "v3"
},
{
"model": "openstage",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "40"
},
{
"model": "openstage",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "20"
},
{
"model": "openstage 20e",
"scope": null,
"trust": 0.6,
"vendor": "unify",
"version": null
},
{
"model": "openstage",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "15"
},
{
"model": "openscape desk phone ip 55g hfa",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "v3"
},
{
"model": "openscape desk phone ip 35g hfa",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "v3"
},
{
"model": "openscape desk phone ip 35g eco hfa",
"scope": "eq",
"trust": 0.6,
"vendor": "unify",
"version": "v3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"cve": "CVE-2015-8251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-8251",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-8251",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-33799",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-86212",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2015-8251",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-8251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-8251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33799",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-1157",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-86212",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys. Because many embedded devices use non-unique X.509 certificates and SSH host keys, they may be exposed to attacks such as impersonation, man-in-the-middle attacks, and decryption of communication contents. The encryption key is hard-coded (CWE-321). According to a survey by Stefan Viehböck of SEC Consult, many embedded devices that are accessible from the Internet are said to use non-unique X.509 certificates and SSH host keys. A device can be determined to be vulnerable if it uses a certificate whose fingerprint matches a hard-coded key in a firmware image or the data in scans.io, a repository of Internet scan results (in particular the SSH results and the SSL certificates). Affected devices cover a wide range of products, from household routers and IP cameras to VoIP products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH results https://scans.io/series/ssh-rsa-full-ipv4 SSL certificates https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is confined to a limited product line of a specific developer, but there are also several examples where multiple developers use the same certificate or key. The root cause in these cases is the use of firmware developed with a common SDK, or of ISP-provided OEM device firmware. Vulnerable equipment may be exposed to impersonation, man-in-the-middle attacks, or decryption of communication contents. 
An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For the survey results and more information on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post. Certificates https://www.sec-consult.com/download/certificates.html SSH host keys https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html A remote attacker may be able to conduct impersonation or man-in-the-middle attacks, or decrypt communication contents. As a result, confidential information may be leaked. Unify OpenStage 60 and so on are all IP phones from Unify. A remote attacker could exploit the vulnerability to conduct a man-in-the-middle attack or decrypt communication between legitimate users and devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8251"
},
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-8251",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU96100360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33799",
"trust": 0.6
},
{
"db": "BID",
"id": "84118",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-86212",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"id": "VAR-201709-0051",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
}
],
"trust": 1.192671785
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33799"
}
]
},
"last_update_date": "2025-04-20T23:21:26.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86212"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"trust": 1.7,
"url": "https://networks.unify.com/security/advisories/obso-1511-02-a.pdf"
},
{
"trust": 1.7,
"url": "https://networks.unify.com/security/advisories/obso-1511-02.pdf"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/bluu-a2ppze"
},
{
"trust": 1.6,
"url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
},
{
"trust": 0.8,
"url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/certificates.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/ssh_host_keys.html"
},
{
"trust": 0.8,
"url": "https://scans.io/"
},
{
"trust": 0.8,
"url": "https://scans.io/series/ssh-rsa-full-ipv4"
},
{
"trust": 0.8,
"url": "https://scans.io/study/sonar.ssl"
},
{
"trust": 0.8,
"url": "https://censys.io"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96100360/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"db": "VULHUB",
"id": "VHN-86212"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"date": "2017-09-25T00:00:00",
"db": "VULHUB",
"id": "VHN-86212"
},
{
"date": "2016-02-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-09-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"date": "2017-09-25T21:29:00.913000",
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33799"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-86212"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-1157"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-8251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-1157"
}
],
"trust": 0.6
}
}
VAR-201710-0035
Vulnerability from variot - Updated: 2025-04-20 23:21
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321). According to a survey by Stefan Viehböck of SEC Consult, many embedded devices that are accessible from the Internet use non-unique X.509 certificates and SSH host keys. A device that uses a key hard-coded in a firmware image, or a certificate whose fingerprint matches data in scans.io, a repository of Internet scan results (in particular the SSH and SSL certificate results), can be determined to be vulnerable. Affected devices span a wide range of products, from household routers and IP cameras to VoIP products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH results https://scans.io/series/ssh-rsa-full-ipv4 SSL certificates https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to the product line of a specific developer, but there are also several examples where multiple developers use the same certificate or key. In these cases the root cause is firmware developed using a common SDK, or the use of OEM device firmware provided by an ISP. Vulnerable equipment may be subject to impersonation or man-in-the-middle attacks, or its communications may be deciphered.
An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For more information on the survey results and on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post. Certificates https://www.sec-consult.com/download/certificates.html SSH host keys https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html A remote attacker may carry out impersonation or man-in-the-middle attacks, or decipher the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "srp520-u",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.6"
},
{
"model": "rv180w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.5.4"
},
{
"model": "srp520",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.01.29"
},
{
"model": "spa400",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.2"
},
{
"model": "wap4410n",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.7.8"
},
{
"model": "rv220w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.4.17"
},
{
"model": "pvc2300",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.6"
},
{
"model": "rv120w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.5.9"
},
{
"model": "wrv210",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.1.5"
},
{
"model": "rvs4000",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.3.4"
},
{
"model": "wrv200",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.39"
},
{
"model": "wvc2300",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.1.2.6"
},
{
"model": "srw224p",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.2.4"
},
{
"model": "wap2000",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.8.0"
},
{
"model": "rv180",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.5.4"
},
{
"model": "wrp500",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.0.1.002"
},
{
"model": "wap4400n",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "rv325",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "rtp300",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "3.1.24"
},
{
"model": "wrvs4400n",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.2.2"
},
{
"model": "rv320",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3.1.10"
},
{
"model": "wap200",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.6.0"
},
{
"model": "wet200",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0.8.0"
},
{
"model": "rv315w",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.01.03"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "actiontec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unify",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rv325 dual wan gigabit vpn router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "rvs4000 4-port gigabit security router vpn",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wrv210 wireless-g vpn router rangebooster",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wap4410n wireless-n access point poe/advanced security",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wrv200 wireless-g vpn router rangebooster",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wrvs4400n wireless",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "srw224p",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.2.4"
},
{
"model": "wap4400n",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "wvc2300",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.1.2.6"
},
{
"model": "rv180",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.5.4"
},
{
"model": "wap200",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.6.0"
},
{
"model": "wrvs4400n",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.2.2"
},
{
"model": "rv180w",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0.5.4"
},
{
"model": "wap2000",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.8.0"
},
{
"model": "pvc2300",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.1.2.6"
},
{
"model": "wet200",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.8.0"
},
{
"model": "wvc2300 wireless-g business internet video camera audio",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wrvs4400n wireless-n gigabit security router vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-2.0"
},
{
"model": "wrv210 wireless-g vpn router rangebooster",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wrv200 wireless-g vpn router rangebooster",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wrp500 wireless-ac broadband router with phone ports",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "20"
},
{
"model": "wet200 wireless-g business ethernet bridge",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "wap4410n wireless-n access point poe/advanced security",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wap4400n wireless-n access point poe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wap2000 wireless-g access point poe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "wap200 wireless-g access point poe/rangebooster",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "srw224p 24-port 2-port gigabit switch webview/poe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10/100+-0"
},
{
"model": "spa400 internet telephony gateway with fxo ports",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40"
},
{
"model": "small business srp520-u models",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "small business srp520 models",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rvs4000 4-port gigabit security router vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
},
{
"model": "rv325 dual wan gigabit vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv325 dual gigabit wan vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv320 dual gigabit wan vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv315w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv220w wireless network security firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv180w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv180 vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv120w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rtp300 broadband router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "pvc2300 business internet video camera audio/poe",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "-0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "BID",
"id": "78047"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb\u00f6ck of SEC Consult.",
"sources": [
{
"db": "BID",
"id": "78047"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6358",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-6358",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-6358",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-07863",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-84319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2015-6358",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6358",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-6358",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-07863",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201511-426",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84319",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "VULHUB",
"id": "VHN-84319"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. 
Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. The Cisco RV320 Dual Gigabit WAN VPN is a router product from Cisco Systems, USA. Multiple Cisco Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks. \nThis issue is being tracked by Cisco Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. The flaw stems from the fact that the program does not generate unique keys and certificates",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6358"
},
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "BID",
"id": "78047"
},
{
"db": "VULHUB",
"id": "VHN-84319"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-6358",
"trust": 3.4
},
{
"db": "BID",
"id": "78047",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1034257",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1034255",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1034258",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1034256",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU96100360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-07863",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84319",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "VULHUB",
"id": "VHN-84319"
},
{
"db": "BID",
"id": "78047"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"id": "VAR-201710-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "VULHUB",
"id": "VHN-84319"
}
],
"trust": 1.365750996923077
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07863"
}
]
},
"last_update_date": "2025-04-20T23:21:26.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
},
{
"title": "Patches for multiple Cisco product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/67387"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84319"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151125-ci"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78047"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034255"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034256"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034257"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1034258"
},
{
"trust": 1.6,
"url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
},
{
"trust": 0.8,
"url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/certificates.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/ssh_host_keys.html"
},
{
"trust": 0.8,
"url": "https://scans.io/"
},
{
"trust": 0.8,
"url": "https://scans.io/series/ssh-rsa-full-ipv4"
},
{
"trust": 0.8,
"url": "https://scans.io/study/sonar.ssl"
},
{
"trust": 0.8,
"url": "https://censys.io"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96100360/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-a2nqxj"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "VULHUB",
"id": "VHN-84319"
},
{
"db": "BID",
"id": "78047"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"db": "VULHUB",
"id": "VHN-84319"
},
{
"db": "BID",
"id": "78047"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2015-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"date": "2017-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-84319"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "78047"
},
{
"date": "2016-02-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2015-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"date": "2017-10-12T15:29:00.217000",
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2015-12-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-07863"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-84319"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "78047"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201511-426"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-6358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201511-426"
}
],
"trust": 0.6
}
}
VAR-201709-0027
Vulnerability from variot - Updated: 2025-04-20 23:21
ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Because many embedded devices use X.509 certificates and SSH host keys that are not unique, they may be subject to spoofing and man-in-the-middle attacks, and to attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321). According to a survey by Stefan Viehböck of SEC Consult, many embedded devices that are accessible from the Internet are said to use non-unique X.509 certificates and SSH host keys. A device can be determined to be vulnerable when the fingerprint of the certificate or key it uses matches a hard-coded key in a firmware image, or matches the data in scans.io, a repository of Internet scan results (in particular its SSH and SSL certificate results). Affected devices cover a wide range of products, from household routers and IP cameras to VoIP products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH results https://scans.io/series/ssh-rsa-full-ipv4 SSL certificates https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a product line of a specific developer, but there are also several examples where multiple developers use the same certificate or key. In those cases the root cause is firmware developed using a common SDK, or the use of OEM device firmware provided by an ISP.
Vulnerable equipment may be subject to impersonation and man-in-the-middle attacks, or to deciphering of the communication contents. An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For the survey results and for more information on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post. Certificates https://www.sec-consult.com/download/certificates.html SSH host keys https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html A remote attacker may impersonate a user or act as an intermediary (man-in-the-middle), or decipher the communication contents. As a result, confidential information may be leaked. ZyXEL Access Point NWA1100-N is a wireless network receiving device from ZyXEL Technology. Multiple ZyXEL products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0027",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": "eq",
"trust": 1.6,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": null
},
{
"model": "access point nwa1100-n",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "access point nwa1100-nh",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "access point nwa1123-ac",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "access point nwa1121-ni",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe p-660hn-51",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe p-663hn-51",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg1312-b10a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg1312-b30a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg1312-b30b",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg4380-b10a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg8324-b10a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg8924-b10a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vmg8924-b30a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "dsl cpe vsg1435-b101",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "gpon pmg1006-b20a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "gpon pmg5318-b20a",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "small business gateway sbg3300-n000",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "small business gateway sbg3300-nb00",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "small business gateway sbg3500-n000",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "switch gs1900-8",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "switch gs1900-24",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "wimax max208m2w",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "wimax max218m2w",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "wimax max218mw",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "wimax max308m",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "project model c1000z",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "project model q1000",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "project model fr1000z",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": "project model p8702n",
"scope": null,
"trust": 0.9,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "actiontec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unify",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "BID",
"id": "78214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stefan Viehb?ck of SEC Consult.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
}
],
"trust": 0.6
},
"cve": "CVE-2015-7256",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7256",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7256",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08082",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85217",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2015-7256",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7256",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7256",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08082",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-204",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85217",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "VULHUB",
"id": "VHN-85217"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. 
Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked. ZyXEL Access Point NWA1100-N is a wireless network receiving device from ZyXEL Technology. Multiple ZyXEL Products are prone to an information-disclosure vulnerability. Successful exploits will lead to other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7256"
},
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "BID",
"id": "78214"
},
{
"db": "VULHUB",
"id": "VHN-85217"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2015-7256",
"trust": 3.4
},
{
"db": "BID",
"id": "78214",
"trust": 1.6
},
{
"db": "JVN",
"id": "JVNVU96100360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08082",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85217",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "VULHUB",
"id": "VHN-85217"
},
{
"db": "BID",
"id": "78214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"id": "VAR-201709-0027",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "VULHUB",
"id": "VHN-85217"
}
],
"trust": 1.4433235866666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08082"
}
]
},
"last_update_date": "2025-04-20T23:21:26.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
},
{
"title": "Patches for multiple ZyXEL product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68153"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85217"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"trust": 2.0,
"url": "http://www.zyxel.com/support/announcement_ssh_private_key_and_certificate_vulnerability.shtml"
},
{
"trust": 1.6,
"url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/78214"
},
{
"trust": 0.8,
"url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/certificates.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/ssh_host_keys.html"
},
{
"trust": 0.8,
"url": "https://scans.io/"
},
{
"trust": 0.8,
"url": "https://scans.io/series/ssh-rsa-full-ipv4"
},
{
"trust": 0.8,
"url": "https://scans.io/study/sonar.ssl"
},
{
"trust": 0.8,
"url": "https://censys.io"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96100360/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
},
{
"trust": 0.3,
"url": "http://www.zyxel.com/th/th/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/bluu-a2nqyp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "VULHUB",
"id": "VHN-85217"
},
{
"db": "BID",
"id": "78214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"db": "VULHUB",
"id": "VHN-85217"
},
{
"db": "BID",
"id": "78214"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"date": "2017-09-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85217"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "78214"
},
{
"date": "2016-02-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2015-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"date": "2017-09-28T01:29:00.670000",
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2015-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08082"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-85217"
},
{
"date": "2015-11-25T00:00:00",
"db": "BID",
"id": "78214"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2015-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-204"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-7256"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-204"
}
],
"trust": 0.6
}
}
VAR-201708-0143
Vulnerability from variot - Updated: 2025-04-20 23:21
ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321). According to a survey by Stefan Viehböck of SEC Consult, many embedded devices that are accessible from the Internet use non-unique X.509 certificates and SSH host keys. A device can be determined to be vulnerable when its firmware image contains a hard-coded key or certificate whose fingerprint matches data in scans.io, a repository of Internet-wide scan results (in particular the SSH results and the SSL certificates). Affected devices cover a wide range of products, from household routers and IP cameras to VoIP devices. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html; scans.io https://scans.io/; SSH results https://scans.io/series/ssh-rsa-full-ipv4; SSL certificates https://scans.io/study/sonar.ssl. In many vulnerable devices, certificate and key reuse is limited to the product line of a specific developer, but there are several examples where multiple developers use the same certificate or key. The root cause in these cases is firmware developed using a common SDK, or OEM devices using firmware provided by an ISP. Vulnerable equipment may be subject to impersonation, man-in-the-middle attacks, or decryption of its communication contents. An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For the survey results and more information on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post. As a result, confidential information may be leaked.
ZTE OX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mf28g",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "hg110",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h108n",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "gan9.8t101a-b",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "ox-330p",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "w300v1.0.0s zrd tr1 d68",
"scope": "eq",
"trust": 1.6,
"vendor": "zte",
"version": null
},
{
"model": "zxhn h108n",
"scope": null,
"trust": 1.2,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "actiontec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sierra",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubiquiti",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "unify",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zte",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "c1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "fr1000z",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1100-nh",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1121-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ac",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "nwa1123-ni",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-660hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p-663hn-51",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "p8702n",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "pmg5318-b20a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "q1000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3300-nb00",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "sbg3500-n000",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg1312-b30b",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg4380-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8324-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b10a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vmg8924-b30a",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "vsg1435-b101",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "ox-330p",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "w300v1.0.0s zrd tr1 d68",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "hg110",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "gan9.8t101a-b",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
},
{
"model": "mf28g",
"scope": null,
"trust": 0.6,
"vendor": "zte",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:c1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:fr1000z_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1100-nh_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1121-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ac_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:nwa1123-ni_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-660hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p-663hn-51_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:p8702n_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:pmg5318-b20a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:q1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3300-nb00_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:sbg3500-n000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg1312-b30b_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg4380-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8324-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b10a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vmg8924-b30a_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:vsg1435-b101_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:misc:multiple_vendors",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"cve": "CVE-2015-7255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7255",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-33516",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85216",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-7255",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7255",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7255",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-33516",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85216",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehb\u0026#246;ck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. As a result, confidential information may be leaked. 
ZTEOX-330P and others are wireless router products of China ZTE Corporation (ZTE). An information disclosure vulnerability exists in several ZTE products. The following products are affected: ZTE OX-330P; ZXHN H108N; W300V1.0.0S_ZRD_TR1_D68; HG110; GAN9.8T101A-B; MF28G;",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7255"
},
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-7255",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVNVU96100360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33516",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85216",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"id": "VAR-201708-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
}
],
"trust": 1.28941403
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33516"
}
]
},
"last_update_date": "2025-04-20T23:21:26.460000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)",
"trust": 0.8,
"url": "http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/bluu-a2nqyr"
},
{
"trust": 1.6,
"url": "http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html"
},
{
"trust": 1.6,
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026q=zte\u0026type=\u0026utf8=%e2%9c%93"
},
{
"trust": 0.8,
"url": "http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/certificates.html"
},
{
"trust": 0.8,
"url": "https://www.sec-consult.com/download/ssh_host_keys.html"
},
{
"trust": 0.8,
"url": "https://scans.io/"
},
{
"trust": 0.8,
"url": "https://scans.io/series/ssh-rsa-full-ipv4"
},
{
"trust": 0.8,
"url": "https://scans.io/study/sonar.ssl"
},
{
"trust": 0.8,
"url": "https://censys.io"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96100360/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7256"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6358"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7255"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7276"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-8251"
},
{
"trust": 0.1,
"url": "https://github.com/sec-consult/houseofkeys/search?p=3\u0026amp;q=zte\u0026amp;type=\u0026amp;utf8=%e2%9c%93"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#566724"
},
{
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"db": "VULHUB",
"id": "VHN-85216"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-11-25T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-85216"
},
{
"date": "2016-02-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"date": "2017-08-29T15:29:00.517000",
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#566724"
},
{
"date": "2017-11-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33516"
},
{
"date": "2017-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-85216"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006907"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1334"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2015-7255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Embedded devices use non-unique X.509 certificates and SSH host keys",
"sources": [
{
"db": "CERT/CC",
"id": "VU#566724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1334"
}
],
"trust": 0.6
}
}
VAR-201710-1117
Vulnerability from variot - Updated: 2025-04-20 23:15
A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). GE CIMPLICITY is HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows a remote attacker to crash the application or execute arbitrary code by submitting a specially crafted request. Failed exploit attempts will likely result in denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1117",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0"
},
{
"model": "electric cimplicity",
"scope": "lte",
"trust": 0.6,
"vendor": "general",
"version": "\u003c=9.0"
},
{
"model": "intelligent platforms proficy hmi\\/scada cimplicity",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "cimplicity",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intelligent platforms proficy hmi scada cimplicity",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:cimplicity",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "David Atch of CyberX",
"sources": [
{
"db": "BID",
"id": "101174"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12732",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CVE-2017-12732",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-29156",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2017-12732",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-12732",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-12732",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Versions 9.0 and prior. A function reads a packet to indicate the next packet length. The next packet length is not verified, allowing a buffer overwrite that could lead to an arbitrary remote code execution. GE CIMPLICITY Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GE CIMPLICITY is an HMI software. GE CIMPLICITY has a stack buffer overflow vulnerability that allows remote attackers to exploit a vulnerability to submit a special request to crash an application or execute arbitrary code. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12732"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12732",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01",
"trust": 2.5
},
{
"db": "BID",
"id": "101174",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-29156",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-278-01A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E1531B5-5828-444B-A091-2B4AC221507D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"id": "VAR-201710-1117",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
],
"trust": 1.5777778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
}
]
},
"last_update_date": "2025-04-20T23:15:52.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIMPLICITY",
"trust": 0.8,
"url": "https://www.ge.com/digital/products/cimplicity"
},
{
"title": "Patch for GE CIMPLICITY Stack Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/103267"
},
{
"title": "GE CIMPLICITY Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75479"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/101174"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12732"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-278-01a"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12732"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"db": "BID",
"id": "101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2017-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"date": "2017-10-05T21:29:00.193000",
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-29156"
},
{
"date": "2017-10-05T00:00:00",
"db": "BID",
"id": "101174"
},
{
"date": "2017-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-365"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-12732"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE CIMPLICITY Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008868"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "0e1531b5-5828-444b-a091-2b4ac221507d"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-365"
}
],
"trust": 0.8
}
}
VAR-201508-0005
Vulnerability from variot - Updated: 2025-04-13 23:39
GE Healthcare Millennium MG, NC, and MyoSIGHT have default passwords of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE).
There are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0005",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "millennium mg",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare millennium mg/nc/myosight",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "86877"
}
],
"trust": 0.3
},
"cve": "CVE-2002-2445",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2445",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05133",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2445",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2002-2445",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05133",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-013",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2002-2445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) \"service.\" for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdown user, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC, and MyoSIGHT are all scanning cameras for the medical industry from General Electric (GE). \n\nThere are security vulnerabilities in several GE products. An attacker could use this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2445"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2445",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05133",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013",
"trust": 0.6
},
{
"db": "BID",
"id": "86877",
"trust": 0.4
},
{
"db": "VULMON",
"id": "CVE-2002-2445",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"id": "VAR-201508-0005",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
}
]
},
"last_update_date": "2025-04-13T23:39:37.898000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 2.0,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2445"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2445"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"db": "BID",
"id": "86877"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "86877"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"date": "2015-08-04T14:59:01.817000",
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05133"
},
{
"date": "2015-09-03T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2445"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "86877"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003992"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-013"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2002-2445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Healthcare Millennium Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003992"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-013"
}
],
"trust": 0.6
}
}
VAR-201611-0263
Vulnerability from variot - Updated: 2025-04-13 23:39
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information: the CWE vulnerability types CWE-254: Security Features and CWE-284: Improper Access Control have been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.html A remote attacker could gain privileged access. GE Bently Nevada 3500/22M is a vibration monitoring system.
GE Bently Nevada 3500/22M has a security bypass vulnerability that allows an attacker to perform unauthorized operations. This may lead to other attacks. The following products are vulnerable: GE Bently Nevada 3500/22M (USB version) prior to firmware version 5.0. USB and Serial are two versions of the product.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0263",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "electric bently nevada 3500/22m",
"scope": "eq",
"trust": 1.8,
"vendor": "general",
"version": "0"
},
{
"model": "bently nevada 3500/22m",
"scope": null,
"trust": 1.6,
"vendor": "general electric",
"version": null
},
{
"model": "bently nevada 3500\\/22m serial",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "bently nevada 3500\\/22m usb",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": null
},
{
"model": "bently nevada 3500/22m",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "5.0"
},
{
"model": "bently nevada 3500/22m",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": null
},
{
"model": "electric bently nevada 3500/22m",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ge:bently_nevada_3500%2F22m_usb",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:bently_nevada_3500%2F22m_usb_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:ge:bently_nevada_3500%2F22m_serial",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ge:bently_nevada_3500%2F22m_serial_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "93452"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-5788",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-08614",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94607",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-5788",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-5788",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-5788",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-08614",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-027",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94607",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5788",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA remote attacker could gain privileged access. GE Bently Nevada 3500 / 22M is a vibration monitoring system. \n\nGE Bently Nevada 3500 / 22M has a security bypass vulnerability. Allows an attacker to perform unauthorized operations. This may lead to other attacks. \nThe following products are vulnerable:\nGE Bently Nevada 3500/22M (USB version) prior to firmware Version 5.0 are vulnerable. USB and Serial are 2 versions of it",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5788"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5788",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-252-01",
"trust": 2.9
},
{
"db": "BID",
"id": "93452",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-08614",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-94607",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5788",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"id": "VAR-201611-0263",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94607"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:39:30.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bently Nevada \u88fd\u54c1\u30b5\u30dd\u30fc\u30c8",
"trust": 0.8,
"url": "http://site.ge-energy.com/prod_serv/products/oc/ja/tech_prodsupport.htm"
},
{
"title": "Patch for GE Bently Nevada 3500 / 22M Security Bypass Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82166"
},
{
"title": "GE Bently Nevada 3500/22M Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64467"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-285",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-252-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/93452"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5788"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5788"
},
{
"trust": 0.3,
"url": "https://www.gemeasurement.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/285.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=49219"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"db": "VULHUB",
"id": "VHN-94607"
},
{
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"db": "BID",
"id": "93452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"date": "2016-11-25T00:00:00",
"db": "VULHUB",
"id": "VHN-94607"
},
{
"date": "2016-11-25T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"date": "2016-10-06T00:00:00",
"db": "BID",
"id": "93452"
},
{
"date": "2016-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"date": "2016-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"date": "2016-11-25T03:59:08.720000",
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-08614"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-94607"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5788"
},
{
"date": "2016-10-10T00:13:00",
"db": "BID",
"id": "93452"
},
{
"date": "2016-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005963"
},
{
"date": "2016-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-027"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-5788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability allowing privileged access in the USB and serial port versions of General Electric Bently Nevada 3500/22M",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-027"
}
],
"trust": 0.6
}
}
VAR-201508-0010
Vulnerability from variot - Updated: 2025-04-13 23:37
GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima mr360",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima mr360",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76260"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5308",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5308",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05172",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47913",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5308",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5308",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05172",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47913",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 does not require authentication for the HIPAA emergency login procedure, which allows physically proximate users to gain access via an arbitrary username in the Emergency Login screen. NOTE: this might not qualify for inclusion in CVE if unauthenticated emergency access is part of the intended security policy of the product, can be controlled by the system administrator, and is not enabled by default. GE Healthcare Optima MR360 is a magnetic resonance imaging (MRI) system for the medical industry. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5308"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "VULHUB",
"id": "VHN-47913"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5308",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05172",
"trust": 0.6
},
{
"db": "BID",
"id": "76260",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47913",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"id": "VAR-201508-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47913"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:37:31.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360%20operator%20manual%20paper.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360+operator+manual+paper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5308"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5308"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360%20operator%20manual%20paper.pdf?docclass=a\u0026req=rac\u0026direction=5339461-1en\u0026filename=mr360+operator+manual+paper.pdf\u0026filerev=4\u0026docrev_org=4\u0026submit"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"db": "VULHUB",
"id": "VHN-47913"
},
{
"db": "BID",
"id": "76260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47913"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76260"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"date": "2015-08-04T14:59:11.503000",
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05172"
},
{
"date": "2015-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-47913"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76260"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004015"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-022"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5308"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 vulnerability that allows gaining access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-022"
}
],
"trust": 0.6
}
}
VAR-201502-0245
Vulnerability from variot - Updated: 2025-04-13 23:27
Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical and electronic equipment. The General Electric (GE) and MACTek 'HART DTM' library has a denial-of-service vulnerability: an attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vector device type manager",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "bullet device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "mactek",
"version": "1.00.0"
},
{
"model": "12400 level transmitter device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "2.00.1"
},
{
"model": "12400 level transmitter dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "2.00.1"
},
{
"model": "svi1000 positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "vector dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "bullet wirelesshart device type manager",
"scope": "eq",
"trust": 0.8,
"vendor": "mactek",
"version": "(dtm) 1.00.0"
},
{
"model": "electric mactek bullet dtm",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "12400 level transmitter device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "svi ii ap positioner device type manager",
"version": "2.00.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vector device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bullet device type manager",
"version": "1.00.0"
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:12400_level_transmitter_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:svi_ii_ap_positioner_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:svi1000_positione_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ge:vector_device_type_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mactek:bullet_device_type_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Bolshev",
"sources": [
{
"db": "BID",
"id": "72524"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-9203",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00995",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-9203",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-9203",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. \nAn attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9203",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01",
"trust": 2.7
},
{
"db": "BID",
"id": "72524",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "A3A0AD20-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"id": "VAR-201502-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
]
},
"last_update_date": "2025-04-13T23:27:33.904000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEOG 15-01_Security_Advisory_HART DTM",
"trust": 0.8,
"url": "http://d3qm6x350yyq59.cloudfront.net/sites/geog.dev.local/files/geog_15-01_security_advisory_hart_dtm.pdf"
},
{
"title": "Download Center",
"trust": 0.8,
"url": "http://www.ge-mcs.com/en/download.html"
},
{
"title": "Bullet_DTM_1_00_1.exe",
"trust": 0.8,
"url": "https://mactekcorp.com/downloadFiles/Bullet_DTM_1_00_1.exe"
},
{
"title": "BULLET WirelessHART Adapter",
"trust": 0.8,
"url": "https://mactekcorp.com/product6a.php"
},
{
"title": "General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have patches for denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/55174"
},
{
"title": "VECTOR_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53668"
},
{
"title": "SVI_II_AP_DTM_Installer_V2.10.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53671"
},
{
"title": "SVi1000_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53670"
},
{
"title": "12400_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01"
},
{
"trust": 1.6,
"url": "http://www.geoilandgas.com/securityadvisory"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9203"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9203"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72524"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://mactekcorp.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"date": "2015-02-07T15:59:00.050000",
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MACTek Bullet DTM And multiple GE DTM Used in products HART DTM Buffer overflow vulnerability in library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.8
}
}
VAR-201509-0298
Vulnerability from variot - Updated: 2025-04-13 23:25
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. http://cwe.mitre.org/data/definitions/798.html By using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability, but it can be bypassed using the static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability. Attackers can exploit these issues to bypass the authentication mechanism and gain access, or to read and delete arbitrary files in the context of the application. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0298",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mds pulsenet",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "3.1.3"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "3.1.5"
},
{
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "enterprise 3.1.5"
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"model": "mds pulsenet",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "mds pulsenet",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "3.1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:mds_pulsenet",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2015-6456",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 2.5,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2015-06255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6456",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6456",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6456",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password. Supplementary information: the vulnerability type has been identified as CWE-798: Use of Hard-coded Credentials. http://cwe.mitre.org/data/definitions/798.html By using password information, a third party can gain administrative access and, as a result, execute arbitrary code. Authentication is required to exploit this vulnerability, but it can be bypassed using the static credentials. The specific flaw exists within the PulseNET web service. It contains a hidden support account, with static credentials, that gives full access. An attacker could leverage this vulnerability to execute arbitrary code under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. Multiple GE MDS PulseNET products are prone to a directory-traversal vulnerability and a security-bypass vulnerability.\nAttackers can exploit these issues to bypass the authentication mechanism and gain access, or to read and delete arbitrary files in the context of the application. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6456"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6456",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-258-03",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-440",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2922",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06255",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378",
"trust": 0.6
},
{
"db": "BID",
"id": "76756",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"id": "VAR-201509-0298",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
],
"trust": 1.1714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06255"
}
]
},
"last_update_date": "2025-04-13T23:25:12.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MDS PulseNet Support Documents",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03"
},
{
"title": "Patch for GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64556"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-440/"
},
{
"trust": 1.6,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6456"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6456"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-09-15T00:00:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"date": "2015-09-18T22:59:05.483000",
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-440"
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06255"
},
{
"date": "2015-11-03T19:14:00",
"db": "BID",
"id": "76756"
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004924"
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-378"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6456"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-378"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Vulnerabilities that gain management access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004924"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "76756"
}
],
"trust": 0.3
}
}
VAR-201509-0299
Vulnerability from variot - Updated: 2025-04-13 23:25
Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. This may aid in further attacks.
{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mds pulsenet",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "3.1.3"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "3.1.5"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "lt",
"trust": 0.8,
"vendor": "general electric",
"version": "enterprise 3.1.5"
},
{
"_id": null,
"model": "mds pulsenet",
"scope": null,
"trust": 0.7,
"vendor": "ge",
"version": null
},
{
"_id": null,
"model": "mds pulsenet",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"_id": null,
"model": "mds pulsenet",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "3.1.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ge:mds_pulsenet",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
}
]
},
"credits": {
"_id": null,
"data": "Andrea Micalizzi (rgod)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
}
],
"trust": 0.7
},
"cve": "CVE-2015-6459",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6459",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6459",
"impactScore": 9.2,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-06254",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6459",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2015-6459",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06254",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-379",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"description": {
"_id": null,
"data": "Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileDownloadServlet. By specifying a filename including directory traversal, an attacker can read and then delete an arbitrary file on the system. The read and subsequent deletion will be performed under the context of SYSTEM. GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE Digital Energy MDS PulseNET is a software application for monitoring industrial communications network equipment. MDS PulseNET Enterprise is one of the enterprise editions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6459"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "BID",
"id": "76756"
}
],
"trust": 3.06
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2015-6459",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-15-258-03",
"trust": 3.0
},
{
"db": "ZDI",
"id": "ZDI-15-439",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2906",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06254",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379",
"trust": 0.6
},
{
"db": "BID",
"id": "76756",
"trust": 0.3
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "BID",
"id": "76756"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"id": "VAR-201509-0299",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
}
],
"trust": 1.1714286
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
}
]
},
"last_update_date": "2025-04-13T23:25:12.417000Z",
"patch": {
"_id": null,
"data": [
{
"title": "MDS PulseNet Support Documents",
"trust": 0.8,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"title": "GE has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03"
},
{
"title": "Patch for GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/64557"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-258-03"
},
{
"trust": 2.2,
"url": "http://zerodayinitiative.com/advisories/zdi-15-439/"
},
{
"trust": 1.6,
"url": "http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet\u0026type=9"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6459"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6459"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-439"
},
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
},
{
"db": "NVD",
"id": "CVE-2015-6459"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"db": "BID",
"id": "76756",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"date": "2015-09-15T00:00:00",
"db": "BID",
"id": "76756",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"date": "2015-09-18T22:59:07.013000",
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "ZDI",
"id": "ZDI-15-439",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06254",
"ident": null
},
{
"date": "2015-11-03T19:14:00",
"db": "BID",
"id": "76756",
"ident": null
},
{
"date": "2015-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004925",
"ident": null
},
{
"date": "2015-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-379",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6459",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Absolute Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06254"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 1.2
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-379"
}
],
"trust": 0.6
}
}
VAR-201508-0013
Vulnerability from variot - Updated: 2025-04-13 23:18
GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual-detector imaging system for the medical industry from General Electric (GE). An attacker could exploit this vulnerability to control the device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0013",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "infinia ii",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "infinia ii",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare infinia ii",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "infinia ii",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "infinia ii",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:infinia_ii_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76179"
}
],
"trust": 0.3
},
"cve": "CVE-2006-7253",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2006-7253",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-7253",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2006-7253",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-017",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. GE Healthcare Infinia II is a dual detector imaging system for the medical industry at General Electric (GE). An attacker could exploit this vulnerability to control the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-7253"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-7253",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05143",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017",
"trust": 0.6
},
{
"db": "BID",
"id": "76179",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"id": "VAR-201508-0013",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
}
]
},
"last_update_date": "2025-04-13T23:18:04.830000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infinia II System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/H-xw4100+Workstation.pdf?REQ=RAA\u0026DIRECTION=2411012-100\u0026FILENAME=H-xw4100%2BWorkstation.pdf\u0026FILEREV=6\u0026DOCREV_ORG=6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/h-xw4100+workstation.pdf?req=raa\u0026direction=2411012-100\u0026filename=h-xw4100%2bworkstation.pdf\u0026filerev=6\u0026docrev_org=6"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7253"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7253"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/products/categories/goldseal_-_refurbished_systems/goldseal_nuclear_medicine/goldseal_infinia_ii"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "BID",
"id": "76179"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76179"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"date": "2015-08-04T14:59:06.237000",
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76179"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003996"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-017"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2006-7253"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Infinia II Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05143"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-017"
}
],
"trust": 0.6
}
}
VAR-201508-0009
Vulnerability from variot - Updated: 2025-04-13 23:04
The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device. The record's external_ids list ICS-CERT advisory ICSMA-18-037-02 for this issue.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0009",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima mr360",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima mr360",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima mr360",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_mr360_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76248"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5307",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47912",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5307",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5307",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-021",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47912",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not clear whether these passwords are default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5307"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "VULHUB",
"id": "VHN-47912"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5307",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05173",
"trust": 0.6
},
{
"db": "BID",
"id": "76248",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47912",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"id": "VAR-201508-0009",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47912"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5307"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"db": "VULHUB",
"id": "VHN-47912"
},
{
"db": "BID",
"id": "76248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47912"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76248"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"date": "2015-08-04T14:59:10.517000",
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05173"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47912"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76248"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004014"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-021"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima MR360 of HIPAA Vulnerability in configuration interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004014"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-021"
}
],
"trust": 0.6
}
}
VAR-201508-0003
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. The record's external_ids list ICS-CERT advisory ICSMA-18-037-02 for this issue.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0003",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery vh",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery vh",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare discovery vh",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "discovery vh",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:discovery_vh",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76278"
}
],
"trust": 0.3
},
"cve": "CVE-2003-1603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2003-1603",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05145",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-1603",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2003-1603",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05145",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-015",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors. GE Healthcare Discovery VH is a dual-detection gamma camera from General Electric (GE) of the United States for full-body scanning of patients in the medical industry and providing superior image quality. An attacker could exploit this vulnerability to control the device. GE Healthcare Discovery VH is prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-1603"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-1603",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05145",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015",
"trust": 0.6
},
{
"db": "BID",
"id": "76278",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"id": "VAR-201508-0003",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
}
]
},
"last_update_date": "2025-04-13T23:04:05.877000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery VH System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA\u0026DIRECTION=2337093-100\u0026FILENAME=2337093-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2337093-100.pdf?req=raa\u0026direction=2337093-100\u0026filename=2337093-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-1603"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2003-1603"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "BID",
"id": "76278"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76278"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"date": "2015-08-04T14:59:04.127000",
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76278"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003994"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-015"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2003-1603"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery VH Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05145"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-015"
}
],
"trust": 0.6
}
}
VAR-201508-0011
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging.
GE Healthcare CADStream Server has built-in accounts. The admin account uses the password 'confirma', allowing remote attackers to use these accounts to control the device. An attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device. The record's references include ICS-CERT advisory ICSMA-18-037-02.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cadstream server",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "cadstream server",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "cadstream server",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:cadstream_server_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76185"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5309",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5309",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05171",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47914",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5309",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5309",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47914",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare CADStream Server has a default password of confirma for the admin user, which has unspecified impact and attack vectors. GE Healthcare CADStream Server is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare CADStream Server has built-in accounts. The admin uses a \u0027confirma\u0027 password, allowing remote attackers to use these accounts to control the device. \nAn attacker can exploit this issue to gain unauthorized access to the affected device. Successful exploits will result in the complete compromise of the affected device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5309"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5309",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05171",
"trust": 0.6
},
{
"db": "BID",
"id": "76185",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47914",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-5309",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"id": "VAR-201508-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima MR360 1.5T MR system Operator Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/MR360+operator+manual+paper.pdf?REQ=RAA\u0026DIRECTION=5339461-1EN\u0026FILENAME=MR360%2Boperator%2Bmanual%2Bpaper.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026direction=5339461-1en\u0026filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5309"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5309"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/mr360+operator+manual+paper.pdf?req=raa\u0026amp;direction=5339461-1en\u0026amp;filename=mr360%2boperator%2bmanual%2bpaper.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"db": "VULHUB",
"id": "VHN-47914"
},
{
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"db": "BID",
"id": "76185"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2015-08-04T14:59:12.457000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05171"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47914"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2010-5309"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76185"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004016"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-023"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5309"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in GE Healthcare CADStream Server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004016"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-023"
}
],
"trust": 0.6
}
}
VAR-201508-0018
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company's image archiving and transmission system for the medical industry. Attackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device. The record's references include ICS-CERT advisory ICSMA-18-037-02.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0018",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity pacs server",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.6,
"vendor": "general electric",
"version": "4.0"
},
{
"model": "centricity pacs",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:gehealthcare:centricity_pacs_workstation",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76183"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6693",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2012-6693",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05168",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-6693",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2012-6693",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05168",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-029",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors. GE Healthcare Centricity PACS is the company\u0027s image archiving and transmission system for the medical industry. \nAttackers can exploit this issue to bypass the authentication mechanism and gain access to the vulnerable device",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6693"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6693",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05168",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029",
"trust": 0.6
},
{
"db": "BID",
"id": "76183",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"id": "VAR-201508-0018",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-04-13T23:04:05.717000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity PACS Workstation Installation and Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA\u0026DIRECTION=2069560-001\u0026FILENAME=C401_WS_INST_SV_2069560001r1.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
},
{
"title": "Centricity PACS Servers Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA\u0026DIRECTION=2063464-001\u0026FILENAME=C4x_SRV_SVC_2063464-001r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.6,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c401_ws_inst_sv_2069560001r1.pdf?req=raa\u0026direction=2069560-001\u0026filename=c401_ws_inst_sv_2069560001r1.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.6,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/c4x_srv_svc_2063464-001r2.pdf?req=raa\u0026direction=2063464-001\u0026filename=c4x_srv_svc_2063464-001r2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6693"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6693"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.in/en/products/categories/healthcare_it/medical_imaging_informatics_-_ris-pacs-cvis/centricity_pacs"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"db": "BID",
"id": "76183"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76183"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"date": "2015-08-04T14:59:18.643000",
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05168"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76183"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004004"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-029"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2012-6693"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity PACS Server vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-029"
}
],
"trust": 0.6
}
}
VAR-201508-0006
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Millennium MG, NC, and MyoSIGHT have a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all scanning camera products for the medical industry from the US company General Electric (GE). An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Because the password cannot be changed without losing remote InSite support, exposure has to be reduced by other means, such as restricting network access to the device; the record's external IDs list ICS-CERT advisory ICSMA-18-037-02 for follow-up.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "millennium myosight",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "millennium mg",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium myosight",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "millennium nc",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "healthcare millennium mg/nc/myosight",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "millennium nc",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium myosight",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "millennium mg",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_mg_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_myosight_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:millennium_nc_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76277"
}
],
"trust": 0.3
},
"cve": "CVE-2002-2446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05132",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-6829",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2446",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2002-2446",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05132",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-014",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-6829",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2002-2446",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors. GE Healthcare Millennium MG, NC and MyoSIGHT are all US Scandinavian (GE) scanning camera products for the medical industry. An attacker could exploit this vulnerability to control the device. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2446"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-2446",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-05132",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014",
"trust": 0.6
},
{
"db": "BID",
"id": "76277",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-6829",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2002-2446",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"id": "VAR-201508-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
}
]
},
"last_update_date": "2025-04-13T23:04:05.648000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Millennium MyoSIGHT Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA\u0026DIRECTION=2354459-100\u0026FILENAME=2354459-100.pdf\u0026FILEREV=4\u0026DOCREV_ORG=4"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"title": "Millenium MG \u0026 MC Nuclear Medicine Imaging System Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA\u0026DIRECTION=2338955-100\u0026FILENAME=2338955-100.pdf\u0026FILEREV=1\u0026DOCREV_ORG=1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.4,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026direction=2338955-100\u0026filename=2338955-100.pdf\u0026filerev=1\u0026docrev_org=1"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026direction=2354459-100\u0026filename=2354459-100.pdf\u0026filerev=4\u0026docrev_org=4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-2446"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2002-2446"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2338955-100.pdf?req=raa\u0026amp;direction=2338955-100\u0026amp;filename=2338955-100.pdf\u0026amp;filerev=1\u0026amp;docrev_org=1"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2354459-100.pdf?req=raa\u0026amp;direction=2354459-100\u0026amp;filename=2354459-100.pdf\u0026amp;filerev=4\u0026amp;docrev_org=4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76277"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"db": "VULHUB",
"id": "VHN-6829"
},
{
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"db": "BID",
"id": "76277"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-6829"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76277"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"date": "2015-08-04T14:59:02.877000",
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05132"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-6829"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2002-2446"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76277"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003993"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-014"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2002-2446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural GE Healthcare Millennium Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-014"
}
],
"trust": 0.6
}
}
VAR-201508-0007
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. Since the record leaves open whether these passwords can be changed, each listed account needs to be checked on the installation itself; the record's external IDs list ICS-CERT advisory ICSMA-18-037-02 for follow-up.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity image vault",
"scope": "eq",
"trust": 1.0,
"vendor": "gehealthcare",
"version": "*"
},
{
"model": "centricity cardiology image vault",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "3.x"
},
{
"model": "healthcare centricity image vault",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "centricity image vault",
"scope": null,
"trust": 0.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "centricity image vault",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "3.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:centricity_image_vault_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76279"
}
],
"trust": 0.3
},
"cve": "CVE-2004-2777",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2777",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05144",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-11205",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2777",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2004-2777",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05144",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-016",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-11205",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-2777",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit these vulnerabilities to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2777"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2777",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05144",
"trust": 0.6
},
{
"db": "BID",
"id": "76279",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-11205",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-2777",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"id": "VAR-201508-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
}
]
},
"last_update_date": "2025-04-13T23:04:05.610000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity Cardiology Image Vault Service Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA\u0026DIRECTION=2010564-002\u0026FILENAME=2010564-002E.pdf\u0026FILEREV=E\u0026DOCREV_ORG=E"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 2.0,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026direction=2010564-002\u0026filename=2010564-002e.pdf\u0026filerev=e\u0026docrev_org=e"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-2777"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2004-2777"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2010564-002e.pdf?req=raa\u0026amp;direction=2010564-002\u0026amp;filename=2010564-002e.pdf\u0026amp;filerev=e\u0026amp;docrev_org=e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76279"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "VULHUB",
"id": "VHN-11205"
},
{
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"db": "BID",
"id": "76279"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-11205"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76279"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"date": "2015-08-04T14:59:05.237000",
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-11205"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2777"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76279"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003995"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-016"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2004-2777"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity Image Vault Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05144"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-016"
}
],
"trust": 0.6
}
}
VAR-201508-0001
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.2"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.1"
},
{
"model": "centricity dms",
"scope": "eq",
"trust": 1.9,
"vendor": "gehealthcare",
"version": "4.0"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.0"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.1"
},
{
"model": "centricity cardiology data management system",
"scope": "eq",
"trust": 0.8,
"vendor": "ge healthcare",
"version": "4.2"
},
{
"model": "healthcare centricity dms",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:centricity_dms_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76263"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2007-6757",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05142",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-30119",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-6757",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2007-6757",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05142",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-018",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-30119",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2007-6757",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. An attacker could use this vulnerability to control the device. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6757"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6757",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05142",
"trust": 0.6
},
{
"db": "BID",
"id": "76263",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-30119",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2007-6757",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"id": "VAR-201508-0001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
}
]
},
"last_update_date": "2025-04-13T23:04:05.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.1",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133G.pdf?REQ=RAA\u0026DIRECTION=2019295-133\u0026FILENAME=2019295-133G.pdf\u0026FILEREV=G\u0026DOCREV_ORG=G"
},
{
"title": "Centricity Cardiology Data Management System System Management Manual Software Version 4.0",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2019295-133D.pdf?REQ=RAA\u0026DIRECTION=2019295-133D\u0026FILENAME=2019295-133D.pdf\u0026FILEREV=D\u0026DOCREV_ORG=D"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.4,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026direction=2019295-133\u0026filename=2019295-133g.pdf\u0026filerev=g\u0026docrev_org=g"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026direction=doc1258180\u0026filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6757"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6757"
},
{
"trust": 0.3,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?docclass=a\u0026req=rac\u0026direction=2019295-133d\u0026filename=2019295-133d.pdf\u0026filerev=d\u0026docrev_org=d\u0026submit=+accept+"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133d.pdf?req=raa\u0026amp;direction=2019295-133d\u0026amp;filename=2019295-133d.pdf\u0026amp;filerev=d\u0026amp;docrev_org=d"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/2019295-133g.pdf?req=raa\u0026amp;direction=2019295-133\u0026amp;filename=2019295-133g.pdf\u0026amp;filerev=g\u0026amp;docrev_org=g"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/dms+sys+mgmt+manual.pdf?req=raa\u0026amp;direction=doc1258180\u0026amp;filename=dms%2bsys%2bmgmt%2bmanual.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76263"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "VULHUB",
"id": "VHN-30119"
},
{
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"db": "BID",
"id": "76263"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-30119"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76263"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"date": "2015-08-04T14:59:07.300000",
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-30119"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2007-6757"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76263"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003997"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-018"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2007-6757"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Centricity DMS Trust Management Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05142"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-018"
}
],
"trust": 0.6
}
}
VAR-201508-0002
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provides automated analysis and reporting for magnetic resonance imaging.
GE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user both use ‘#bigguy1’ as their password, allowing remote attackers to use these accounts to control devices. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "discovery 530c",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "discovery nm 530c",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "discovery 530c",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "discovery 530c",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:discovery_530c_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven",
"sources": [
{
"db": "BID",
"id": "76261"
}
],
"trust": 0.3
},
"cve": "CVE-2009-5143",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2009-5143",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05167",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-42589",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-5143",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-5143",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05167",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-019",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-42589",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2009-5143",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value. GE Healthcare Discovery 530C is a suite of applications for the medical industry that provide automated analysis and reporting for magnetic resonance imaging. \n\nGE Healthcare Discovery 530C has built-in accounts. The acqservice user and the Xeleris System wsservice user \u2018# bigguy1\u2019 are used as passwords, allowing remote attackers to use these accounts to control devices. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-5143"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-5143",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05167",
"trust": 0.6
},
{
"db": "BID",
"id": "76261",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-42589",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2009-5143",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"id": "VAR-201508-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42589"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:04:05.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Discovery NM 530c Nuclear Medicine Imaging System Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5323167-1EN_r2.pdf?REQ=RAA\u0026DIRECTION=5323167-1EN\u0026FILENAME=5323167-1EN_r2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 2.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.8,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 1.7,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026direction=5323167-1en\u0026filename=5323167-1en_r2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-5143"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-5143"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5323167-1en_r2.pdf?req=raa\u0026amp;direction=5323167-1en\u0026amp;filename=5323167-1en_r2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/76261"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"db": "VULHUB",
"id": "VHN-42589"
},
{
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"db": "BID",
"id": "76261"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-42589"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76261"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"date": "2015-08-04T14:59:08.347000",
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05167"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-42589"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULMON",
"id": "CVE-2009-5143"
},
{
"date": "2015-08-04T00:00:00",
"db": "BID",
"id": "76261"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003998"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-019"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2009-5143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Discovery 530C Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003998"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-019"
}
],
"trust": 0.6
}
}
VAR-201508-0008
Vulnerability from variot - Updated: 2025-04-13 23:04
GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare products are prone to an insecure default-password vulnerability. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "optima ct520",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct680",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct540",
"scope": "eq",
"trust": 1.6,
"vendor": "gehealthcare",
"version": null
},
{
"model": "optima ct520",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct540",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct640",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct680",
"scope": null,
"trust": 0.8,
"vendor": "ge healthcare",
"version": null
},
{
"model": "optima ct680",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct540",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct640",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct520",
"scope": null,
"trust": 0.6,
"vendor": "general electric",
"version": null
},
{
"model": "optima ct680",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct640",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct540",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
},
{
"model": "optima ct520",
"scope": "eq",
"trust": 0.3,
"vendor": "gehealthcare",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct520_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct540_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct640_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:gehealthcare:optima_ct680_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Scott Erven of Protiviti.",
"sources": [
{
"db": "BID",
"id": "76262"
}
],
"trust": 0.3
},
"cve": "CVE-2010-5306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-5306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05169",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-47911",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-5306",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2010-5306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-05169",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-020",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47911",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors. GE Healthcare Optima CT680, CT540, CT640, and CT520 are general computed tomography products for the medical industry. Multiple GE Healthcare Products are prone to an insecure default-password vulnerability. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to take control of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-5306"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "VULHUB",
"id": "VHN-47911"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-5306",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-037-02",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05169",
"trust": 0.6
},
{
"db": "BID",
"id": "76262",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-47911",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"id": "VAR-201508-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
}
]
},
"last_update_date": "2025-04-13T23:04:05.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Optima CT680 Series Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5472001-1EN_rev2.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5472001-1EN\u0026FILENAME=5472001-1EN_rev2.pdf\u0026FILEREV=2\u0026DOCREV_ORG=2\u0026SUBMIT=+ACCEPT+"
},
{
"title": "BrightSpeed Elite/Optima CT540 Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5341628-1EN_r12.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5341628-1EN\u0026FILENAME=5341628-1EN_r12.pdf\u0026FILEREV=12\u0026DOCREV_ORG=12\u0026SUBMIT=+ACCEPT+"
},
{
"title": "Optima CT520 Series Installation Manual",
"trust": 0.8,
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/5401943_rev%203.pdf?DOCCLASS=A\u0026REQ=RAC\u0026DIRECTION=5401943\u0026FILENAME=5401943_rev+3.pdf\u0026FILEREV=3\u0026DOCREV_ORG=3\u0026SUBMIT=+ACCEPT+"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"trust": 1.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-037-02"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026direction=5341628-1en\u0026filename=5341628-1en_r12.pdf\u0026filerev=12\u0026docrev_org=12"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026direction=5401943\u0026filename=5401943_rev%2b3.pdf\u0026filerev=3\u0026docrev_org=3"
},
{
"trust": 1.9,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026direction=5472001-1en\u0026filename=5472001-1en_rev2.pdf\u0026filerev=2\u0026docrev_org=2"
},
{
"trust": 1.7,
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-5306"
},
{
"trust": 0.3,
"url": "http://www3.gehealthcare.com/en/global_gateway"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5341628-1en_r12.pdf?req=raa\u0026amp;direction=5341628-1en\u0026amp;filename=5341628-1en_r12.pdf\u0026amp;filerev=12\u0026amp;docrev_org=12"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5401943_rev+3.pdf?req=raa\u0026amp;direction=5401943\u0026amp;filename=5401943_rev%2b3.pdf\u0026amp;filerev=3\u0026amp;docrev_org=3"
},
{
"trust": 0.1,
"url": "http://apps.gehealthcare.com/servlet/clientservlet/5472001-1en_rev2.pdf?req=raa\u0026amp;direction=5472001-1en\u0026amp;filename=5472001-1en_rev2.pdf\u0026amp;filerev=2\u0026amp;docrev_org=2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"db": "VULHUB",
"id": "VHN-47911"
},
{
"db": "BID",
"id": "76262"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"date": "2015-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-47911"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76262"
},
{
"date": "2015-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"date": "2015-08-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"date": "2015-08-04T14:59:09.503000",
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05169"
},
{
"date": "2018-03-28T00:00:00",
"db": "VULHUB",
"id": "VHN-47911"
},
{
"date": "2015-07-10T00:00:00",
"db": "BID",
"id": "76262"
},
{
"date": "2018-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004013"
},
{
"date": "2015-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-020"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2010-5306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple GE Healthcare Optima product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004013"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-020"
}
],
"trust": 0.6
}
}