GE SNMP/Web Interface Vulnerabilities

Act Now8.8ICS-CERT ICSA-16-033-02Nov 5, 2016

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

GE SNMP/Web Interface adapter firmware versions prior to 4.8 contain command injection vulnerabilities (CWE-77, CWE-312) in the web interface and SNMP service. An authenticated user with valid credentials could execute arbitrary commands with the privileges of the adapter, potentially compromising connected industrial control devices and networks.

What this means

What could happen

An authenticated attacker with valid credentials could execute arbitrary commands on the SNMP/Web Interface adapter, potentially altering process parameters, collecting sensitive operational data, or disrupting communications with industrial control systems.

Who's at risk

GE industrial automation operators using SNMP/Web Interface adapters for remote device management, particularly in electric utilities, water authorities, and manufacturing facilities that rely on Ethernet-connected PLCs, RTUs, and IEDs for supervisory control.

How it could be exploited

An attacker with valid engineering or administrative credentials could access the web interface or SNMP service on the adapter and inject commands that allow code execution. This requires network-level access to the adapter's management ports (typically port 80 for HTTP or port 161 for SNMP).

Prerequisites

Valid engineering workstation or administrative credentials
Network access to the adapter's web interface (port 80) or SNMP service (port 161)
Adapter firmware version prior to 4.8

Requires valid credentialsHigh CVSS score (8.8)No patch availableHigh exploit probability (19.2% EPSS)Affects remote management interfaces

Exploitability

High exploit probability (EPSS 19.2%)

Affected products (1)

ProductAffected VersionsFix Status

SNMP/Web Interface adapter firmware: <4.8<4.8No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/3

HARDENINGRestrict network access to the SNMP/Web Interface adapter to authorized engineering workstations only using firewall rules or network segmentation

HARDENINGImplement strong access controls and change default credentials if present; enforce unique, complex passwords for all administrative accounts

WORKAROUNDDisable SNMP service if not required for operations

Mitigations - no patch available

0/2

SNMP/Web Interface adapter firmware: <4.8 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:

HARDENINGMonitor adapter activity for unauthorized access attempts or unusual command execution

HARDENINGIsolate the adapter to a restricted management network separate from field devices

CVEs (2)

CVE-2016-0861 CVE-2016-0862

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/115a04c1-4980-41db-b901-d194c688cd61