Daniel Szameitat

Researcher from E.ON Pentesting
#13754 of 53,633
19.6 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2023-14418
9.8
2023-01-17
Ge Grid Solutions · Fc46-Webbridge · CVE-2022-43976
**Name of the Vulnerable Software and Affected Versions**
FC46-WebBridge on GE Grid Solutions MS3000 devices versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0

**Description**
An issue was discovered that allows direct access to the API on TCP port 8888 via programs located in the cgi-bin folder without any authentication.

**Recommendations**
For versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0, update to version 3.7.6.25p0 3.2.2.17p0 4.7p0 or later to resolve the issue. As a temporary workaround, consider restricting access to the cgi-bin folder and TCP port 8888 to minimize the risk of exploitation.
PT-2023-14419
9.8
2023-01-17
Ge Grid Solutions · Ge Grid Solutions Ms3000 · CVE-2022-43977
**Name of the Vulnerable Software and Affected Versions**
GE Grid Solutions MS3000 versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0

**Description**
An issue was discovered where the debug port accessible via TCP, utilizing a qconn service, lacks access control. This issue affects GE Grid Solutions MS3000 devices.

**Recommendations**
For versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0, consider disabling the qconn service or restricting access to the debug port via TCP as a temporary workaround until a patch is available.