Remote Configuration Modification and Alarm Silencing Vulnerability in GE Aestiva and Aespire Versions 7100 and 7900

Remote Configuration Modification and Alarm Silencing Vulnerability in GE Aestiva and Aespire Versions 7100 and 7900

CVE-2019-10966 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.

Learn more about our Cis Benchmark Audit For Server Software.