Lucene search
K

61 matches found

ICS
ICS
added 2016/03/06 7:0 a.m.38 views

GE MultiLink Series Hard-coded Credential Vulnerability

OVERVIEW GE has identified a hard-coded credential vulnerability in GE’s MultiLink series managed switches. GE has produced new firmware versions to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following MultiLink products are affected: GE ML8...

10CVSS9.9AI score0.03219EPSS
Exploits0References10
CNVD
CNVD
added 2015/11/19 12:0 a.m.3 views

Multiple GE Switches Cross-Site Scripting Vulnerability

GE Multilink ML800 and others are Ethernet switch products from General Electric GE. A cross-site scripting vulnerability exists in multiple GE switches. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML...

6.8CVSS6.3AI score0.0119EPSS
Exploits0References1
ICS
ICS
added 2015/10/16 6:0 a.m.42 views

GE Multilink Switch Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-013-04 GE MultiLink Switch Vulnerabilities that was published January 13, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update A Part 1 of 3 -------- Eireann Leverett of IOActive has identified three...

6.3AI score
Exploits0References10
NVD
NVD
added 2015/01/17 2:59 a.m.20 views

CVE-2014-5419

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...

10CVSS5.4AI score0.0242EPSS
Exploits0References4
NVD
NVD
added 2015/01/17 2:59 a.m.17 views

CVE-2014-5418

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...

7.8CVSS5.6AI score0.03192EPSS
Exploits0References4
Prion
Prion
added 2015/01/17 2:59 a.m.19 views

Code injection

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...

5CVSS7.2AI score0.0242EPSS
Exploits0References2Affected Software7
Cvelist
Cvelist
added 2015/01/17 2:0 a.m.20 views

CVE-2014-5419 GE Multilink Use of Hard-coded Cryptographic Key

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the...

10CVSS5.4AI score0.0242EPSS
Exploits0References3
Cvelist
Cvelist
added 2015/01/17 2:0 a.m.19 views

CVE-2014-5418 GE Multilink Uncontrolled Resource Consumption

GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier allow remote attackers to cause a denial of service resource consumption or reboot via crafted packets...

5CVSS5.6AI score0.03192EPSS
Exploits0References3
CVE
CVE
added 2015/01/17 2:0 a.m.47 views

CVE-2014-5418

CVE-2014-5418 affects GE Multilink ML800/ML1200/ML1600/ML2400 (firmware 4.2.1 and earlier) and ML810/ML3000/ML3100 (firmware 5.2.0 and earlier). The vulnerability enables remote attackers to cause a denial of service by sending crafted packets that exhaust resources or reboot the switch. The ICS-...

7.8CVSS7AI score0.03192EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2015/01/17 2:0 a.m.45 views

CVE-2014-5419

CVE-2014-5419 affects GE Multilink switches (ML800/1200/1600/2400 on firmware 4.2.1 and earlier; ML810/3000/3100 on firmware 5.2.0 and earlier). Root cause: use of the same RSA private key across installations, enabling an attacker to decrypt SSL traffic by extracting the key from firmware. Impac...

10CVSS6.8AI score0.0242EPSS
Exploits0References4Affected Software2
myhack58
myhack58
added 2015/01/16 12:0 a.m.15 views

General Electric(GE)industrial control switches exposed high-risk vulnerabilities-vulnerability warning-the black bar safety net

Security researchers recently in the General Electric(GE MultiLink ML800 series switches found on the 2 high-risk vulnerabilities, an attacker can exploit the vulnerability in the case of unauthorized crack of network traffic and to launch a DOS attack. Discover vulnerabilities The MultiLink ML80...

2.7AI score
Exploits0
NVD
NVD
added 2012/12/26 5:55 p.m.18 views

CVE-2012-5589

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...

3.5CVSS6.4AI score0.00962EPSS
Exploits0References4
Prion
Prion
added 2012/12/26 5:55 p.m.10 views

Code injection

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...

3.5CVSS6.8AI score0.00962EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2012/12/26 5:0 p.m.40 views

CVE-2012-5589

The CVE-2012-5589 entry concerns the Drupal MultiLink module (versions 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7) which does not properly enforce node-access checks when generating in-content links. This allows remote authenticated users with text-editing permissions to read arbitrary nod...

3.5CVSS6.5AI score0.00962EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/12/26 5:0 p.m.19 views

CVE-2012-5589

The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node titles via a generated link...

6.4AI score0.00962EPSS
Exploits0References4
Drupal
Drupal
added 2012/11/28 12:0 a.m.25 views

SA-CONTRIB-2012-170 - MultiLink - Access Bypass

MultiLink allows you to generate in-content links to a suitable node or node translation based on the visitor's language preferences. It allows the Node Title of the target node to be shown as the visible text and title attribute for the generated link. Prior to versions 6.x-2.7 and 7.x-2.7 the...

3.5CVSS6.3AI score0.00962EPSS
Exploits0References11
securityvulns
securityvulns
added 2006/01/19 12:0 a.m.32 views

Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: IOS Stack Group Bidding Protocol Crafted Packet DoS Document ID: 68793 Advisory ID: cisco-sa-20060118-sgbp http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml Revision 1.0 ============ For Public Release 2006...

Exploits0
CVE
CVE
added 2002/03/09 5:0 a.m.52 views

CVE-1999-1203

CVE-1999-1203 affects Ascend systems using Multilink PPP for ISDN dialup prior to version 4.6. The vulnerability arises from a spoofed endpoint identifier, enabling remote attackers to cause a denial of service (availability impact). The provided documents do not specify a fix or mitigation. No e...

5CVSS7AI score0.01614EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.17 views

CVE-1999-1203

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier...

6.6AI score0.01614EPSS
Exploits0References3
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.56 views

ascend.multilink.ppp.txt

Date: Wed, 10 Feb 1999 15:08:50 -0800 From: David Schwartz To: [email protected] Subject: Security problems in ISDN equipment authentication A security flaw is probably still present in Ascend's multilink PPP implementation over ISDN. Due to its fundamental nature, it's probably in other ISDN...

7.4AI score
Exploits0
Rows per page
Query Builder