Vulnerabilites related to GE - MDS PulseNET and MDS PulseNET Enterprise
CVE-2018-10613 (GCVE-0-2018-10613)
Vulnerability from cvelistv5
Published
2018-06-04 14:00
Modified
2024-09-16 16:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-611 - XXE
Summary
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | MDS PulseNET and MDS PulseNET Enterprise |
Version: Version 3.2.1 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.243Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MDS PulseNET and MDS PulseNET Enterprise",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "Version 3.2.1 and prior"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "XXE CWE-611",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-10613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS PulseNET and MDS PulseNET Enterprise",
"version": {
"version_data": [
{
"version_value": "Version 3.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104377"
},
{
"name": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1",
"refsource": "CONFIRM",
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10613",
"datePublished": "2018-06-04T14:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T16:52:57.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10611 (GCVE-0-2018-10611)
Vulnerability from cvelistv5
Published
2018-06-04 14:00
Modified
2024-09-16 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | MDS PulseNET and MDS PulseNET Enterprise |
Version: Version 3.2.1 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MDS PulseNET and MDS PulseNET Enterprise",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "Version 3.2.1 and prior"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-10611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS PulseNET and MDS PulseNET Enterprise",
"version": {
"version_data": [
{
"version_value": "Version 3.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104377"
},
{
"name": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1",
"refsource": "CONFIRM",
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10611",
"datePublished": "2018-06-04T14:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T18:33:38.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10615 (GCVE-0-2018-10615)
Vulnerability from cvelistv5
Published
2018-06-04 14:00
Modified
2024-09-16 23:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-23 - Relative path traversal
Summary
Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GE | MDS PulseNET and MDS PulseNET Enterprise |
Version: Version 3.2.1 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MDS PulseNET and MDS PulseNET Enterprise",
"vendor": "GE",
"versions": [
{
"status": "affected",
"version": "Version 3.2.1 and prior"
}
]
}
],
"datePublic": "2018-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "Relative path traversal CWE-23",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "104377",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104377"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-10615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MDS PulseNET and MDS PulseNET Enterprise",
"version": {
"version_data": [
{
"version_value": "Version 3.2.1 and prior"
}
]
}
}
]
},
"vendor_name": "GE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Relative path traversal CWE-23"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104377"
},
{
"name": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1",
"refsource": "CONFIRM",
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet\u0026type=9\u0026file=1"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10615",
"datePublished": "2018-06-04T14:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T23:51:13.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}