EUVD-2015-6397

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

GE Digital Energy MDS PulseNET before 3.1.5 has hardcoded credentials for a support account allowing access

Reporter	Title	Published	Views	Family All 9
Tenable Nessus	General Electric's MDS PulseNET < 3.1.5 Multiple Vulnerabilities	15 Jan 201600:00	–	nessus
CNVD	GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerability	23 Sep 201500:00	–	cnvd
Check Point Advisories	GE MDS PulseNET Hidden Support Account Remote Code Execution (CVE-2015-6456)	7 Oct 201500:00	–	checkpoint_advisories
CVE	CVE-2015-6456	18 Sep 201522:00	–	cve
Cvelist	CVE-2015-6456	18 Sep 201522:00	–	cvelist
ICS	GE MDS PulseNET Vulnerabilities	18 Jun 201506:00	–	ics
NVD	CVE-2015-6456	18 Sep 201522:59	–	nvd
Prion	Hardcoded credentials	18 Sep 201522:59	–	prion
Zero Day Initiative	GE MDS PulseNET Hidden Support Account Remote Code Execution Vulnerability	16 Sep 201500:00	–	zdi

[
  {
    "enisaIdVendor": [
      {
        "id": "628d0923-0e35-3417-8fbc-edd076def845",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "a2fe1adf-4d1c-3b32-9d01-bb2b56288935",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-15-440/
gedigitalenergy	www.gedigitalenergy.com/app/resources.aspx
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-15-258-03
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.3Medium risk

Vulners AI Score6.3

CVSS 29

EPSS0.01506