CVE-2018-10611
published 2018-06-04CVE-2018-10611: Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated…
PriorityP264critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
5.06%
91.2th percentile
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | mds_pulsenet | <= 3.2.1 | — |
| ge | mds_pulsenet_and_mds_pulsenet_enterprise | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2018-10611 exploits the Java RMI input port on GE MDS PulseNET to allow unauthenticated remote code execution via Web Services; monitor for unexpected inbound connections to Java RMI ports (default 1099/tcp) on PulseNET servers ↗
- ·No known public exploits specifically targeting CVE-2018-10611 were identified at time of advisory publication ↗
- ·The vulnerability is network-exploitable with no authentication required and low attack complexity, increasing risk for internet-exposed PulseNET deployments ↗
- ·CVSS v3 base score is 7.3 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L, reflecting unauthenticated network access with impacts across confidentiality, integrity, and availability ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
GE MDS PulseNET and MDS PulseNET Enterprise
cisa_ics·2018-05-31·CVSS 9.8
[CRITICAL] GE MDS PulseNET and MDS PulseNET Enterprise
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
GE MDS PulseNET and MDS PulseNET Enterprise
Last RevisedMay 31, 2018
Alert CodeICSA-18-151-02
## 1. EXECUTIVE SUMMARY
-
CVSS v3 7.3
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: GE
- Equipment: MDS PulseNET and MDS PulseNET Enterprise
- Vulnerabilities: Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal
## 2. RISK EVALUATION
Exploitation of these vulnerabilities may allow elevation of privilege and exfiltration of information on the host platform.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCT
GHSA
GHSA-phjq-8f4h-vmmv: Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3
ghsa_unreviewed·2022-05-13
CVE-2018-10611 [CRITICAL] CWE-287 GHSA-phjq-8f4h-vmmv: Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1http://www.securityfocus.com/bid/104377https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1http://www.securityfocus.com/bid/104377https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
2018-06-04
Published