PT-2018-5608 · Ge · Ge Gemnet License Server

Published

2018-03-20

Updated

2019-10-09

CVE-2017-14004

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: GE GEMNet License server (EchoServer) all current versions

Description: The issue concerns the use of default or hard-coded credentials in the affected devices. This could allow a remote attacker to bypass authentication and gain access to the devices.

Recommendations: For all current versions, consider changing the default or hard-coded credentials to unique, strong passwords to prevent unauthorized access. As a temporary workaround, restrict access to the devices to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-287

Related Identifiers

CVE-2017-14004

Affected Products

Ge Gemnet License Server

PT-2018-5608 · Ge · Ge Gemnet License Server

CVE-2017-14004

Weakness Enumeration

Related Identifiers

Affected Products

References · 2