GE MDS PulseNET Vulnerabilities

Low RiskICS-CERT ICSA-15-258-03Jun 18, 2015

Summary

GE MDS PulseNET contains multiple authentication bypass vulnerabilities (CWE-798: hardcoded credentials, CWE-23: path traversal) in versions 3.1.3 and earlier. These allow unauthenticated attackers with network access to the management interface to gain administrative-level access to SCADA monitoring and control functions. The product is end-of-life with no vendor patches available. MDS PulseNET is used to remotely manage and monitor RTUs, communications hardware, and distribution automation in utility networks.

What this means

What could happen

An attacker could bypass authentication to access MDS PulseNET systems and extract or manipulate SCADA/power distribution data, potentially disrupting remote monitoring and control of power substations or utility networks.

Who's at risk

Electric utilities and power distributors using GE MDS PulseNET as their SCADA remote terminal unit (RTU) management and monitoring platform. Specifically: control center operators, network engineers responsible for substation communication, and anyone managing power distribution automation. Also affects water utilities using the same platform for remote monitoring and control of pumps and gates.

How it could be exploited

An attacker with network access to the MDS PulseNET management interface could exploit authentication bypass vulnerabilities (CWE-798: hardcoded credentials, CWE-23: path traversal) to gain unauthorized administrative access without valid credentials. Once authenticated, the attacker could read sensitive configuration, monitoring data, or potentially send commands to connected RTUs and PLCs.

Prerequisites

Network access to MDS PulseNET management interface (typically port 80/443 or proprietary port)
No valid credentials required due to authentication bypass
Target must be running MDS PulseNET or MDS PulseNET Enterprise version 3.1.3 or earlier

No patch available (product end-of-life)Authentication bypass (hardcoded credentials or path traversal)Remote network access possibleAffects critical infrastructure monitoring and control

Exploitability

Some exploitation risk — EPSS score 1.6%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

MDS PulseNET Enterprise: <=3.1.3≤ 3.1.3No fix (EOL)

MDS PulseNET: <=3.1.3≤ 3.1.3No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGSegment MDS PulseNET systems from the general network using a firewall. Restrict access to the management interface to authorized engineering workstations and SCADA networks only.

WORKAROUNDDisable or restrict unnecessary remote management features on MDS PulseNET if they are not in use.

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network monitoring on the MDS PulseNET management interface to detect unauthorized access attempts.

Long-term hardening

0/1

HOTFIXPlan decommissioning or replacement of MDS PulseNET systems with modern alternatives that receive active vendor support and security updates.

CVEs (2)

CVE-2015-6459 CVE-2015-6456

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/18f2492d-457a-4f4c-adce-77183ff3439e

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.