Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-13559

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment.

Published

2020-04-07T18:15:13.430

Last Modified

2024-11-21T04:25:09.913

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	mark_vie_controll_system	-	Yes

References

https://www.us-cert.gov/ics/advisories/icsa-19-281-02 Third Party Advisory, US Government Resource ([email protected])
https://www.us-cert.gov/ics/advisories/icsa-19-281-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)