General Electric's MDS PulseNET < 3.1.5 Multiple Vulnerabilities

critical Nessus Network Monitor Plugin ID 9052

Synopsis

The remote host is running an outdated version of General Electric's MDS PulseNET application.

Description

The version of General Electric's MDS PulseNET application is prior to 3.1.5 and is affected by multiple vulnerabilities:

- The application installs with default, hardcoded credentials for a support account. This allows remote attackers to trivially gain privileged access to the application.
- A path traversal flaw allows access outside of a restricted path. The 'FileDownloadServlet' does not properly sanitize user input, specifically path traversal sequences (e.g. '../') supplied via filenames. With a specially crafted request, a remote attacker can read or delete arbitrary files.

Solution

Upgrade to MDS PulseNET version 3.1.5 or later.

See Also

https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03

http://www.zerodayinitiative.com/advisories/ZDI-15-439

http://www.zerodayinitiative.com/advisories/ZDI-15-440

http://www.gedigitalenergy.com/products/support/MDS/PB15007_B-PulseNET-Hard-Coded_Credentials_Path_Traversal_Vulnerabilities.pdf

http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9

Plugin Details

Severity: Critical

ID: 9052

Family: SCADA

Published: 1/15/2016

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ge:mds_pulsenet

Patch Publication Date: 9/15/2015

Vulnerability Publication Date: 9/15/2015

Reference Information

CVE: CVE-2015-6456