CVE-2018-10615
Published 2018-06-04
CVE-2018-10615: Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
Priority P3 · 43 · high · 8.1 CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 2.60% (83.4th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ge | mds_pulsenet | <= 3.2.1 | — |
| ge | mds_pulsenet_and_mds_pulsenet_enterprise | — | — |
CVSS provenance
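| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |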
CISA ICS
GE MDS PulseNET and MDS PulseNET Enterprise
cisa_ics·2018-05-31·CVSS 9.8
[CRITICAL] GE MDS PulseNET and MDS PulseNET Enterprise
ICS Advisory
## GE MDS PulseNET and MDS PulseNET Enterprise
Last Revised: May 31, 2018
Alert Code: ICSA-18-151-02
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.3
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: GE
- Equipment: MDS PulseNET and MDS PulseNET Enterprise
- Vulnerabilities: Improper Authentication, Improper Restriction of XML External Entity Reference, Relative Path Traversal
## 2. RISK EVALUATION
Exploitation of these vulnerabilities may allow elevation of privilege and exfiltration of information on the host platform.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCT
GHSA
GHSA-8qc2-68rm-f7m2: Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3
ghsa_unreviewed·2022-05-13
CVE-2018-10615 [HIGH] CWE-22 GHSA-8qc2-68rm-f7m2: Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
- http://www.securityfocus.com/bid/104377
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
Published: 2018-06-04