CVE-2016-2310

9.8 CRITICAL

📋 TL;DR

GE Multilink industrial switches have hardcoded credentials that allow remote attackers to modify configuration settings via the web interface. This affects multiple switch models with outdated firmware, potentially compromising industrial control systems.

💻 Affected Systems

Products:
  • GE Multilink ML800
  • ML1200
  • ML1600
  • ML2400
  • ML810
  • ML3000
  • ML3100
Versions: ML800/1200/1600/2400: firmware before 5.5.0; ML810/3000/3100: firmware before 5.5.0k
Operating Systems: Switch firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All affected switches with default configurations are vulnerable. Web interface must be enabled (typically default).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete network compromise allowing attackers to reconfigure switches, disrupt industrial operations, intercept traffic, or pivot to other critical systems.

🟠 Likely Case: Unauthorized configuration changes leading to network disruption, data interception, or denial of service in industrial environments.

🟢 If Mitigated: Limited impact if switches are isolated from untrusted networks and monitored for configuration changes.

🌐 Internet-Facing: HIGH - Web interface accessible remotely with hardcoded credentials makes exploitation trivial.
🏢 Internal Only: HIGH - Even internally, any attacker with network access can exploit these credentials.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded credentials and network access to the web interface. No special tools are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: ML800/1200/1600/2400: 5.5.0 or later; ML810/3000/3100: 5.5.0k or later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-16-154-01

Restart Required: Yes

Instructions:

1. Download the firmware update from a GE authorized distributor.
2. Back up the current configuration.
3. Upload the new firmware via the web interface or console.
4. Reboot the switch.
5. Verify the firmware version and test functionality.

🔧 Temporary Workarounds

Network segmentation (applies to: all)

Isolate switches from untrusted networks and restrict access to management interfaces.

Disable web interface (applies to: all)

Disable HTTP/HTTPS management if it is not required; use console or SSH instead. The commands below are in Cisco IOS style as given on this page; confirm the exact equivalents in the Multilink documentation for your firmware before applying them.

configure terminal
no ip http server
no ip http secure-server
end
write memory

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach switch management interfaces
  • Monitor for unauthorized configuration changes and failed login attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface (System > About) or CLI (show version). Compare against patched versions.

Check Version:

show version

Verify Fix Applied:

Confirm firmware version is 5.5.0 or later for ML800/1200/1600/2400, or 5.5.0k or later for ML810/3000/3100.
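The version check above has a trap: for the ML810/3000/3100 family a bare 5.5.0 is still vulnerable and only 5.5.0k or later is fixed, while for the ML800/1200/1600/2400 family 5.5.0 itself is the fix. The following Python helper is an added example, not part of this page or of GE's tooling; it triages an inventory of (hostname, model, firmware) entries, as read from show version, against the fixed releases listed above. It assumes a trailing letter is a sub-release that sorts after the bare number (5.5.0 < 5.5.0k < 5.5.1); the sample inventory is constructed.

```python
import re
from typing import List, Optional, Tuple

# Minimum fixed firmware per model, as stated in ICSA-16-154-01 / this page.
FIXED_FIRMWARE = {
    "ML800": "5.5.0", "ML1200": "5.5.0", "ML1600": "5.5.0", "ML2400": "5.5.0",
    "ML810": "5.5.0k", "ML3000": "5.5.0k", "ML3100": "5.5.0k",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Parse 'major.minor.patch[letter]' into a tuple that sorts correctly.

    Assumption (not from the advisory): a trailing letter is a sub-release
    that sorts after the bare number, so 5.5.0 < 5.5.0a < 5.5.0k < 5.5.1.
    """
    m = _VERSION_RE.match(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), suffix


def is_vulnerable(model: str, firmware: str) -> Optional[bool]:
    """True if firmware is below the fixed release for this model, False if
    fixed, None if the model is not in the affected list."""
    fixed = FIXED_FIRMWARE.get(model.strip().upper())
    if fixed is None:
        return None
    return parse_version(firmware) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str, str]]):
    """Annotate each (hostname, model, firmware) entry with its status."""
    return [(host, model, fw, is_vulnerable(model, fw)) for host, model, fw in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real data.
    SAMPLE = [
        ("sw-plant-01", "ML800", "5.4.9"),    # below 5.5.0 -> vulnerable
        ("sw-plant-02", "ML1200", "5.5.0"),   # fixed for this family
        ("sw-plant-03", "ML810", "5.5.0"),    # still vulnerable: needs 5.5.0k
        ("sw-plant-04", "ML3100", "5.5.0k"),  # fixed
        ("sw-plant-05", "ML3000", "5.6.0"),   # later major/minor -> fixed
    ]
    for host, model, fw, vuln in triage(SAMPLE):
        status = {True: "VULNERABLE", False: "fixed", None: "not in scope"}[vuln]
        print(f"{host:12} {model:7} {fw:7} {status}")
```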

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized login attempts using default credentials
  • Unexpected configuration changes
  • Web interface access from unusual IPs

Network Indicators:

  • HTTP/HTTPS traffic to switch management interfaces from unauthorized sources
  • Configuration file transfers

SIEM Query:

source_ip IN (switch_management_ips) AND (event_type='login_failure' OR event_type='configuration_change')
