CVE-2019-13559

CVE-2019-13559

Vendor N/A
Product GE Mark VIe Controller
Weakness CWE-798 · Hardcoded credentials
Published April 7, 2020
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go into applications requiring the GE commissioning engineer to change default configurations during the installation process. GE recommends that users reset controller passwords during installation in the operating environment.

Key dates

02Disclosure timeline

April 7, 2020 CVE published
August 4, 2024 Record updated