Vulnerability Details CVE-2019-10966
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2019-10966
-
cpe:2.3:h:ge:aespire_7100:-
-
cpe:2.3:h:ge:aespire_7900:-
-
cpe:2.3:h:ge:aestiva_7100:-
-
cpe:2.3:h:ge:aestiva_7900:-
-
cpe:2.3:o:ge:aespire_7100_firmware:-
-
cpe:2.3:o:ge:aespire_7900_firmware:-
-
cpe:2.3:o:ge:aestiva_7100_firmware:-
-
cpe:2.3:o:ge:aestiva_7900_firmware:-