CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-6459

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.019

EPSS Ranking 82.2%

CVSS Severity

CVSS v2 Score 10.0

References

http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9
http://zerodayinitiative.com/advisories/ZDI-15-439/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03
http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9
http://zerodayinitiative.com/advisories/ZDI-15-439/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03

Products affected by CVE-2015-6459

Ge » Mds Pulsenet » Version: 3.0.0

cpe:2.3:a:ge:mds_pulsenet:3.0.0
Ge » Mds Pulsenet » Version: 3.0.1

cpe:2.3:a:ge:mds_pulsenet:3.0.1
Ge » Mds Pulsenet » Version: 3.1.3

cpe:2.3:a:ge:mds_pulsenet:3.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-6459

Products

Pricing

Contact Us