CVE-2016-0861
published 2016-02-05CVE-2016-0861: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands…
PriorityP268high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
14.24%
96.1th percentile
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | ups_snmp_web_adapter_firmware | <= 4.7 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Command injection via the Hostname/IP address input field on the GE UPS SNMP/Web Adapter — look for shell metacharacters (e.g. semicolons) injected into that parameter in HTTP requests to the device's web interface. ↗
- →The injected command '; cat /etc/shadow' produces cleartext credential output including default accounts 'ge' and 'root123'; presence of these usernames in device responses is a strong indicator of exploitation. ↗
- →Exploitation requires authenticated access (low-privilege user sufficient); monitor for authenticated sessions followed by anomalous command-like strings in web form fields targeting GE SNMP/Web Interface adapters running firmware prior to 4.8. ↗
- ·Exploitation requires prior authentication; however, only low-privilege credentials are needed, making the bar for exploitation low. ↗
- ·Firmware fix (v4.8) only applies directly to product numbers 1024746, 1024747, 1024748, and 1024921; all other product numbers require a full hardware upgrade to accept the patched firmware. ↗
- ·Default/hardcoded accounts ('ge', 'root123') with home directory '/home/admin' are present on vulnerable devices; these should be treated as known-compromised credentials on any unpatched device. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
ghsa7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
GE SNMP/Web Interface Vulnerabilities
cisa_ics·2018-08-23
GE SNMP/Web Interface Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE SNMP/Web Interface Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-16-033-02
## OVERVIEW
Independent researcher Karn Ganeshen has identified two vulnerabilities in the GE SNMP/Web Interface adapter. GE has produced a new firmware version to mitigate the identified vulnerabilities in later model devices. Earlier model SNMP/Web Interface adapters may need to be upgraded to accommodate the new firmware version to address the identified vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following SNMP/Web Interface adapter v
GHSA
GHSA-78mv-6rfc-wcg4: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4
ghsa_unreviewed·2022-05-17
CVE-2016-0861 [HIGH] CWE-77 GHSA-78mv-6rfc-wcg4: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0835 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0857 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0859 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0860 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0834 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0837 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0838 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
No detection rules found.
No writeups or analysis indexed.
http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdfhttp://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Feb/21https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02https://www.exploit-db.com/exploits/39408/http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdfhttp://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Feb/21https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02https://www.exploit-db.com/exploits/39408/
2016-02-05
Published