Vulnerability Details : CVE-2018-10613
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2018-10613
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10613
0.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 74 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10613
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-10613
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-10613
-
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
GE MDS PulseNET and MDS PulseNET Enterprise | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/104377
Multiple GE MDS PulseNET Products Multiple Security vulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
Grid Passport Login : GE Grid SolutionsPermissions Required
Jump to