An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-bin folder without any authentication.
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Link | Tags |
---|---|
https://wid.cert-bund.de/.well-known/csaf/white/2022/bsi-2022-0005.json | third party advisory |