PT-2019-12107 · Ge · Ge Aestiva+1

Elad Luz

Published

2019-07-10

Updated

2020-10-02

CVE-2019-10966

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions GE Aestiva versions 7100 GE Aespire versions 7900

Description A vulnerability exists in the specified GE Aestiva and Aespire versions where serial devices connected via an added unsecured terminal server to a TCP/IP network configuration could allow an attacker to remotely modify device configuration and silence alarms.

Recommendations For GE Aestiva version 7100, consider securing the terminal server connection to prevent unauthorized access. For GE Aespire version 7900, consider securing the terminal server connection to prevent unauthorized access.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2019-10966

Affected Products

Ge Aespire

Ge Aestiva

PT-2019-12107 · Ge · Ge Aestiva+1

CVE-2019-10966

Weakness Enumeration

Related Identifiers

Affected Products

References · 3