CVE-2016-2310 - OpenCVE

General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Multilink Firmware Multilink Ml1200 Multilink Ml1600 Multilink Ml2400 Multilink Ml3000 Multilink Ml3100 Multilink Ml800 Multilink Ml810

Configuration 1 [-]

AND

cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:ge:multilink_ml1200:-:::::::*
	cpe:2.3:h:ge:multilink_ml1600:-:::::::*
	cpe:2.3:h:ge:multilink_ml2400:-:::::::*
	cpe:2.3:h:ge:multilink_ml800:-:::::::*
	cpe:2.3:h:ge:multilink_ml810:-:::::::*

Configuration 2 [-]

AND

OR	cpe:2.3:h:ge:multilink_ml3000:-:::::::*
	cpe:2.3:h:ge:multilink_ml3100:-:::::::*
	cpe:2.3:h:ge:multilink_ml810:-:::::::*

cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2016-06-09T10:00:00

Updated: 2024-08-05T23:24:48.970Z

Reserved: 2016-02-09T00:00:00

Link: CVE-2016-2310

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2016-06-09T10:59:00.290

Modified: 2021-03-29T18:06:12.797

Link: CVE-2016-2310

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-02T00:00:00", "descriptions": [{"lang": "en", "value": "General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-09T01:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2016-2310", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:48.970Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2016-2310", "datePublished": "2016-06-09T10:00:00", "dateReserved": "2016-02-09T00:00:00", "dateUpdated": "2024-08-05T23:24:48.970Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57707326-C7A4-412B-BF90-98E12CF97312", "versionEndIncluding": "5.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilink_ml1200:-:*:*:*:*:*:*:*", "matchCriteriaId": "1179F179-510A-4A97-8365-B81C0E0FC605", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml1600:-:*:*:*:*:*:*:*", "matchCriteriaId": "620703E4-1D78-44CB-B353-517A8AB2A815", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "426A283A-540C-43F2-8397-52668BADDEB8", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml800:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A00E85C-1B21-43F7-8323-F759216BFB90", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*", "matchCriteriaId": "81DC26E5-D3D7-41C6-B654-B06FA0461451", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ge:multilink_ml3000:-:*:*:*:*:*:*:*", "matchCriteriaId": "7EE40202-1D8F-406E-8281-B67DCF5E8501", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml3100:-:*:*:*:*:*:*:*", "matchCriteriaId": "D72F9922-A473-4076-91E3-CF3899C179D7", "vulnerable": false}, {"criteria": "cpe:2.3:h:ge:multilink_ml810:-:*:*:*:*:*:*:*", "matchCriteriaId": "81DC26E5-D3D7-41C6-B654-B06FA0461451", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ge:multilink_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF7A9653-BF61-4480-B349-577C6155B991", "versionEndIncluding": "5.5.0k", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware before 5.5.0 and ML810, ML3000, and ML3100 switches with firmware before 5.5.0k have hardcoded credentials, which allows remote attackers to modify configuration settings via the web interface."}, {"lang": "es", "value": "Switches General Electric (GE) Multilink ML800, ML1200, ML1600 y ML2400 con firmware en versiones anteriores a 5.5.0 y switches ML810, ML3000 y ML3100 con firmware en versiones anteriores a 5.5.0k tienen credenciales embebidas, lo que permite a atacantes remotos modificar ajustes de configuraci\u00f3n a trav\u00e9s de la interfaz web."}], "evaluatorComment": "CWE-798: Use of Hard-coded Credentials", "id": "CVE-2016-2310", "lastModified": "2021-03-29T18:06:12.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-09T10:59:00.290", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}