CVE-2018-10613

Published: Jun 4, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

Affected (2)

Products: Ge: Mds Pulsenet

1 product

Mds Pulsenet

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ge Mds Pulsenet	Up to 3.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ge Mds Pulsenet	Up to 3.2.1

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1

Source: ics-cert@hq.dhs.gov

Permissions Required

http://www.securityfocus.com/bid/104377

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

http://www.securityfocus.com/bid/104377

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.