CVE-2019-10966

Summary

In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.

Affected Software

VendorProductVersion RangeStatus
GEAestiva and Aespireversions 7100affected
GEAestiva and Aespireversions 7900affected

Weaknesses

  • CWE-287: IMPROPER AUTHENTICATION CWE-287

ADP Enrichment

CVE Program Container

Additional References

References