Detections
Analytics
GE PACSystems Multiple Devices Denial of Service
high Nessus Network Monitor Plugin ID 720155
Synopsis
In GE PACSystems devices, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.Description
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01,http://www.securityfocus.com/bid/104241
Plugin Details
Severity: High
ID: 720155
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Patch Publication Date: 5/17/2018
Vulnerability Publication Date: 5/17/2018
Reference Information
CVE: CVE-2018-8867
BID: 104241