CVE-2019-10966
MEDIUMGE Aestiva and Aespire 7100 and 7900 - Unauthenticated Remote Configuration Modification and Alarm Silencing
Title source: llmDescription
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109102
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-19-190-01
Scores
CVSS v3
5.3
EPSS
0.0134
EPSS Percentile
67.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-287
Status
published
Products (4)
ge/aespire_7100_firmware
ge/aespire_7900_firmware
ge/aestiva_7100_firmware
ge/aestiva_7900_firmware
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026