PT-2023-14419 · Ge Grid Solutions · Ge Grid Solutions Ms3000
Daniel Szameitat
·
Published
2023-01-17
·
Updated
2023-01-26
·
CVE-2022-43977
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GE Grid Solutions MS3000 versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0
Description
An issue was discovered where the debug port accessible via TCP, utilizing a qconn service, lacks access control. This issue affects GE Grid Solutions MS3000 devices.
Recommendations
For versions prior to 3.7.6.25p0 3.2.2.17p0 4.7p0, consider disabling the qconn service or restricting access to the debug port via TCP as a temporary workaround until a patch is available.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ge Grid Solutions Ms3000