PT-2023-14419 · Ge Grid Solutions · Ge Grid Solutions Ms3000
Daniel Szameitat
·
Publicado
2023-01-17
·
Atualizado
2023-01-26
·
CVE-2022-43977
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GE Grid Solutions MS3000 versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0
Description
An issue was discovered where the debug port accessible via TCP, utilizing a qconn service, lacks access control. This issue affects GE Grid Solutions MS3000 devices.
Recommendations
For versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0, consider disabling the qconn service or restricting access to the debug port via TCP as a temporary workaround until a patch is available.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ge Grid Solutions Ms3000