Remote Configuration Modification and Alarm Silencing Vulnerability in GE Aestiva and Aespire Versions 7100 and 7900
CVE-2019-10966 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
Learn more about our Cis Benchmark Audit For Server Software.