CVE-2015-3976

Published: Aug 28, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.

Affected (7)

Products: Ge: Multilink Ml810 Firmware, Multilink Ml3000 Firmware, Multilink Ml3100 Firmware, Multilink Ml800 Firmware, Multilink Ml1200 Firmware, Multilink Ml1600 Firmware, Multilink Ml2400 Firmware

7 products

Multilink Ml810 Firmware

Multilink Ml3000 Firmware

Multilink Ml3100 Firmware

Multilink Ml800 Firmware

Multilink Ml1200 Firmware

Multilink Ml1600 Firmware

Multilink Ml2400 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml810 Firmware	Version 5.2.0

Running on/with	Platform Versions
Ge Multilink Ml810	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml3000 Firmware	Up to 5.2.0

Running on/with	Platform Versions
Ge Multilink Ml3000	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml3100 Firmware	Up to 5.2.0

Running on/with	Platform Versions
Ge Multilink Ml3100	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml800 Firmware	Version 4.2.1

Running on/with	Platform Versions
Ge Multilink Ml800	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml1200 Firmware	Version 4.2.1

Running on/with	Platform Versions
Ge Multilink Ml1200	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml1600 Firmware	Version 4.2.1

Running on/with	Platform Versions
Ge Multilink Ml1600	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Multilink Ml2400 Firmware	Version 4.2.1

Running on/with	Platform Versions
Ge Multilink Ml2400	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.gedigitalenergy.com/products/support/multilink/MLSB1214.pdf

Source: ics-cert@hq.dhs.gov

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2015/icsa-15-013-04a.json

Source: ics-cert@hq.dhs.gov

https://www.cisa.gov/news-events/ics-advisories/icsa-15-013-04a

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSA-15-013-04A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.