CVE-2016-0862
published 2016-02-05CVE-2016-0862: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext…
PriorityP343medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
9.93%
95.0th percentile
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | snmp_web_adapter_firmware | <= 4.7 | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
GE SNMP/Web Interface Vulnerabilities
cisa_ics·2018-08-23
GE SNMP/Web Interface Vulnerabilities
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE SNMP/Web Interface Vulnerabilities
Last RevisedAugust 23, 2018
Alert CodeICSA-16-033-02
## OVERVIEW
Independent researcher Karn Ganeshen has identified two vulnerabilities in the GE SNMP/Web Interface adapter. GE has produced a new firmware version to mitigate the identified vulnerabilities in later model devices. Earlier model SNMP/Web Interface adapters may need to be upgraded to accommodate the new firmware version to address the identified vulnerabilities.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
The following SNMP/Web Interface adapter v
GHSA
GHSA-2p48-mg67-hr6x: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4
ghsa_unreviewed·2022-05-14
CVE-2016-0862 [MEDIUM] CWE-200 GHSA-2p48-mg67-hr6x: General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
No detection rules found.
No writeups or analysis indexed.
http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdfhttp://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Feb/21https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02https://www.exploit-db.com/exploits/39408/http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdfhttp://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2016/Feb/21https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02https://www.exploit-db.com/exploits/39408/
2016-02-05
Published