January 2016

View all on this date written articles further down below.
29 Jan 2016

[ICS] GEDE UPS SNMP Adapter Vulnerabilities

On a recent pentest, I found few vulnerabilities in GE Industrial Solutions - UPS SNMP Adapter. Successful exploitation can lead to arbitrary command execution as superuser on the device, and sensitive information leakage.

GE Advisory: http://apps.geindustrial.com/publibrary/checkout/GEIS_SNMP?TNR=Application%20and%20Technical|GEIS_SNMP|PDF&filename=GEIS_SNMP.pdf

ICS-CERT Advisory:
https://ics-cert.us-cert.gov/advisories/ICSA-16-033-02

Affected Products
• All SNMP/Web Interface cards with firmware version prior to 4.8 manufactured by GE Industrial Solutions.

CVE-IDs
CVE-2016-0861
CVE-2016-0862

Read on for details and poc.

Read more