CVE-2016-2310

Published on: 06/09/2016 12:00:00 AM UTC

Last Modified on: 03/29/2021 06:06:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Ml1200 Switch from Ge contain the following vulnerability:

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

  • CVE-2016-2310 has been assigned by [email protected] to track the vulnerability - currently rated as - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 10 - HIGH

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
GE MultiLink Series Hard-coded Credential Vulnerability | ICS-CERT Third Party Advisory
US Government Resource
ics-cert.us-cert.gov
text/html
URL Logo MISC ics-cert.us-cert.gov/advisories/ICSA-16-154-01

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwareGeMl1200 Switch-AllAllAll
HardwareGeMl1200 Switch-AllAllAll
HardwareGeMl1600 Switch-AllAllAll
HardwareGeMl1600 Switch-AllAllAll
HardwareGeMl2400 Switch-AllAllAll
HardwareGeMl2400 Switch-AllAllAll
HardwareGeMl3000 Switch-AllAllAll
HardwareGeMl3000 Switch-AllAllAll
HardwareGeMl3100 Switch-AllAllAll
HardwareGeMl3100 Switch-AllAllAll
HardwareGeMl800 Switch-AllAllAll
HardwareGeMl800 Switch-AllAllAll
HardwareGeMl810 Switch-AllAllAll
HardwareGeMl810 Switch-AllAllAll
Operating
System
GeMultilink FirmwareAllAllAllAll
Operating
System
GeMultilink FirmwareAllAllAllAll
Operating
System
GeMultilink FirmwareAllAllAllAll
HardwareGeMultilink Ml1200-AllAllAll
HardwareGeMultilink Ml1600-AllAllAll
HardwareGeMultilink Ml2400-AllAllAll
HardwareGeMultilink Ml3000-AllAllAll
HardwareGeMultilink Ml3100-AllAllAll
HardwareGeMultilink Ml800-AllAllAll
HardwareGeMultilink Ml810-AllAllAll
  • cpe:2.3:h:ge:ml1200_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml1200_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml1600_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml1600_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml2400_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml2400_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml3000_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml3000_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml3100_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml3100_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml800_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml800_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml810_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:ml810_switch:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml3000:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml3100:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*: