CVE-2019-6548

9.8 CRITICAL

📋 TL;DR

GE Communicator versions prior to 4.0.517 contain two hardcoded backdoor accounts that allow attackers to gain full control over the database. This affects all users running vulnerable versions of GE Communicator. The service is protected by default Windows firewall settings, limiting exposure.

💻 Affected Systems

Products:
  • GE Communicator
Versions: All versions prior to 4.0.517
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerable by default, but service is protected by Windows firewall default settings which block external access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the GE Communicator database, allowing attackers to modify, delete, or exfiltrate sensitive industrial control system data, potentially disrupting operations.

🟠 Likely Case

Unauthorized access to the database by attackers who can reach the service, leading to data theft or manipulation if firewall rules are misconfigured.

🟢 If Mitigated

Minimal impact if Windows firewall blocks external access and proper network segmentation is in place, though internal threats remain.

🌐 Internet-Facing: LOW - The service is not internet-facing by default due to Windows firewall settings, but risk increases if firewall is disabled or misconfigured.
🏢 Internal Only: HIGH - Internal attackers or malware with network access can exploit the hardcoded credentials to gain database control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward using the hardcoded credentials if network access is available; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.517

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-19-122-02

Restart Required: Yes

Instructions:

1. Download GE Communicator version 4.0.517 or later from GE Digital.
2. Install the update following vendor instructions.
3. Restart the system to apply changes.

🔧 Temporary Workarounds

Block Service Ports with Firewall (Windows)

Configure Windows firewall or network firewalls to block inbound connections to GE Communicator service ports.

netsh advfirewall firewall add rule name="Block GE Communicator" dir=in action=block protocol=TCP localport=<port_number>

Network Segmentation (all platforms)

Isolate GE Communicator systems on a separate network segment with strict access controls.

🧯 If You Can't Patch

  • Ensure Windows firewall is enabled and configured to block all inbound connections to GE Communicator ports.
  • Implement strict network access controls and monitor for unauthorized access attempts to the service.
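
Because this mitigation depends entirely on the effective Windows Firewall policy, the following added example (not from the vendor advisory or from this page's source) audits that policy for one TCP port. `$Port` is a placeholder for the GE Communicator service port, which this page does not state; the function names are illustrative.

```powershell
# Added example (not vendor code). $Port is a placeholder: pass the TCP port
# your GE Communicator service listens on; the page does not state it.
param([Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port)

# True when a firewall LocalPort spec ('Any', '1433', '5000-5010', ...) covers $Port.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# Enabled inbound rules of the given action whose TCP port filter covers $Port.
function Get-RulesForPort([string]$Action) {
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action $Action -Enabled True |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -in 'TCP', 'Any' -and (Test-PortMatch $f.LocalPort $Port)
        }
}

$findings = @()

# ActiveStore is the effective policy (local settings merged with Group Policy).
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True') { $findings += "Profile $($p.Name): firewall disabled" }
    if ($p.DefaultInboundAction -eq 'Allow') {
        $findings += "Profile $($p.Name): default inbound action is Allow"
    }
}

# Block rules take precedence over allow rules. Simplifying assumption: any
# enabled block rule on the port is treated as covering every profile and peer.
$block = @(Get-RulesForPort 'Block')
$allow = @(Get-RulesForPort 'Allow')
if ($allow.Count -gt 0 -and $block.Count -eq 0) {
    $allow | ForEach-Object { $findings += "Allow rule exposes TCP/${Port}: $($_.DisplayName)" }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "No findings: no enabled allow rule or permissive profile exposes TCP/$Port."
```

Allow rules scoped to a single program or remote address are reported as well, so review each finding against the rule's full scope before changing it.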

🔍 How to Verify

Check if Vulnerable:

Check GE Communicator version in the application interface or installation directory; versions below 4.0.517 are vulnerable.

Check Version:

Check application properties or consult GE Digital documentation for version details.

Verify Fix Applied:

Confirm GE Communicator version is 4.0.517 or higher after patching and verify no unauthorized accounts exist in the database.

📡 Detection & Monitoring

Log Indicators:

  • Failed or successful login attempts using hardcoded account names in GE Communicator logs
  • Unusual database access patterns

Network Indicators:

  • Inbound connections to GE Communicator service ports from unauthorized IPs
  • Traffic patterns indicating database queries or modifications

SIEM Query (the account names below are placeholders):

source="GE Communicator" AND (event_type="login" AND (username="backdoor_account1" OR username="backdoor_account2"))
