OTPulse
FeedAboutContact

GE MDS PulseNET Vulnerabilities

Low RiskICS-CERT ICSA-15-258-03Jun 18, 2015
Summary

GE MDS PulseNET contains multiple authentication bypass vulnerabilities (CWE-798: hardcoded credentials, CWE-23: path traversal) in versions 3.1.3 and earlier. These allow unauthenticated attackers with network access to the management interface to gain administrative-level access to SCADA monitoring and control functions. The product is end-of-life with no vendor patches available. MDS PulseNET is used to remotely manage and monitor RTUs, communications hardware, and distribution automation in utility networks.

What this means
What could happen
An attacker could bypass authentication to access MDS PulseNET systems and extract or manipulate SCADA/power distribution data, potentially disrupting remote monitoring and control of power substations or utility networks.
Who's at risk
Electric utilities and power distributors using GE MDS PulseNET as their SCADA remote terminal unit (RTU) management and monitoring platform. Specifically: control center operators, network engineers responsible for substation communication, and anyone managing power distribution automation. Also affects water utilities using the same platform for remote monitoring and control of pumps and gates.
How it could be exploited
An attacker with network access to the MDS PulseNET management interface could exploit authentication bypass vulnerabilities (CWE-798: hardcoded credentials, CWE-23: path traversal) to gain unauthorized administrative access without valid credentials. Once authenticated, the attacker could read sensitive configuration, monitoring data, or potentially send commands to connected RTUs and PLCs.
Prerequisites
  • Network access to MDS PulseNET management interface (typically port 80/443 or proprietary port)
  • No valid credentials required due to authentication bypass
  • Target must be running MDS PulseNET or MDS PulseNET Enterprise version 3.1.3 or earlier
No patch available (product end-of-life)Authentication bypass (hardcoded credentials or path traversal)Remote network access possibleAffects critical infrastructure monitoring and control
Exploitability
Moderate exploit probability (EPSS 1.6%)
Affected products (2)
2 EOL
ProductAffected VersionsFix Status
MDS PulseNET Enterprise: <=3.1.3≤ 3.1.3No fix (EOL)
MDS PulseNET: <=3.1.3≤ 3.1.3No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGSegment MDS PulseNET systems from the general network using a firewall. Restrict access to the management interface to authorized engineering workstations and SCADA networks only.
WORKAROUNDDisable or restrict unnecessary remote management features on MDS PulseNET if they are not in use.
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGImplement network monitoring on the MDS PulseNET management interface to detect unauthorized access attempts.
Long-term hardening
0/1
HOTFIXPlan decommissioning or replacement of MDS PulseNET systems with modern alternatives that receive active vendor support and security updates.
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/18f2492d-457a-4f4c-adce-77183ff3439e
GE MDS PulseNET Vulnerabilities - OTPulse