CVE-2016-0862

MEDIUM

General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0862. PoCs published by Karn Ganeshen.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in GE Industrial Solutions' SNMP/Web Interface cards (CVE-2016-0861) via the `dig.asp` endpoint, allowing authenticated users to execute arbitrary system commands. It also highlights clear-text storage of sensitive information (CVE-2016-0862).

Description

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Karn Ganeshen · textwebappshardware

https://www.exploit-db.com/exploits/39408

View Code ZIP pw:eip

The exploit demonstrates a command injection vulnerability in GE Industrial Solutions' SNMP/Web Interface cards (CVE-2016-0861) via the `dig.asp` endpoint, allowing authenticated users to execute arbitrary system commands. It also highlights clear-text storage of sensitive information (CVE-2016-0862).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: GE Industrial Solutions SNMP/Web Interface cards (firmware < 4.8)

Auth required

Prerequisites: Authenticated access to the web interface · Network access to the vulnerable device

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

http://apps.geindustrial.com/publibrary/checkout/Application%20and%20Technical%7CGEIS_SNMP%7CPDF&filename=GEIS_SNMP.pdf

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/135586/GE-Industrial-Solutions-UPS-SNMP-Adapter-Command-Injection.html

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Feb/21

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39408/

Scores

CVSS v3 6.5

EPSS 0.0993

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

ge/snmp\/web_adapter_firmware < 4.7

Published Feb 05, 2016

Tracked Since Feb 18, 2026