3 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. • https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •