2 matches found
GE MDS PulseNET Hidden Support Account Remote Code Execution (CVE-2015-6456)
A default credential vulnerability has been reported in GE MDS PulseNET. The vulnerability is due to static credentials of a hidden support account permitting administrator access to the system. A remote attacker can exploit these default credentials to access the system. Once authenticated, the...
CVE-2015-6456
GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise are affected versions prior to 3.1.5, which contain hard-coded credentials for a hidden support account. This enables remote attackers to obtain administrative access and potentially execute arbitrary code. Public advisories (ZDI-15-440; ...