18 matches found
EUVD-2014-5307
Malware in sbrugna...
EUVD-2015-4007
Malware in sbrugna...
GE Multilink Switches < 5.5.0 Hardcoded Credentials
Binary data 720079.prm...
GE Multilink Swtiches Hardcoded Encryption Key
Binary data 720053.prm...
GE Multilink Multiple Switches XSS
Binary data 720065.prm...
CVE-2015-3976
Cross-site scripting XSS vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier...
Cross site scripting
Cross-site scripting XSS vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier...
CVE-2015-3976 GE Multilink Cross-site Scripting
Cross-site scripting XSS vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier...
CVE-2015-3976
The CVE-2015-3976 issue is a Cross-site Scripting (XSS) vulnerability affecting GE Multilink switches: ML800/1200/1600/2400 (firmware ≤ 4.2.1) and ML810/3000/3100 (firmware ≤ 5.2.0). The underlying problem is improper neutralization of input during web page generation in the switch web interface,...
CVE-2016-2310
General Electric GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface...
GE Multilink Switch Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...
CVE-2014-5419
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5418
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...
Code injection
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5419 GE Multilink Use of Hard-coded Cryptographic Key
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...
CVE-2014-5418
CVE-2014-5418 affects GE Multilink ML800/ML1200/ML1600/ML2400 (firmware 4.2.1 and earlier) and ML810/ML3000/ML3100 (firmware 5.2.0 and earlier). The vulnerability enables remote attackers to cause a denial of service by sending crafted packets that exhaust resources or reboot the switch. The ICS-...
CVE-2014-5419
CVE-2014-5419 affects GE Multilink switches (ML800/1200/1600/2400 on firmware 4.2.1 and earlier; ML810/3000/3100 on firmware 5.2.0 and earlier). Root cause: use of the same RSA private key across installations, enabling an attacker to decrypt SSL traffic by extracting the key from firmware. Impac...
CVE-2014-5418 GE Multilink Uncontrolled Resource Consumption
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...