CVE-2022-43977

EUVD-2022-46945
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
gems_3000_firmware
𝑥
< 3.7.6.25p0_3.2.2.17p0_4.7p0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json
https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json