Vulnerability Description
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary code, by leveraging knowledge of the password.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Mds Pulsenet | <= 3.1.3 |
References
- http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-15-440/
- https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03Third Party AdvisoryUS Government Resource
- http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-15-440/
- https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2015-6456?
CVE-2015-6456 is a vulnerability with a CVSS score of 9.0 (HIGH). GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequentl...
How severe is CVE-2015-6456?
CVE-2015-6456 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6456?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Mds Pulsenet.