Vulnerability Details CVE-2018-10613
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
- http://www.securityfocus.com/bid/104377
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
- http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
- http://www.securityfocus.com/bid/104377
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
Products affected by CVE-2018-10613
-
cpe:2.3:a:ge:mds_pulsenet:3.0.0
-
cpe:2.3:a:ge:mds_pulsenet:3.0.1
-
cpe:2.3:a:ge:mds_pulsenet:3.1.3
-
cpe:2.3:a:ge:mds_pulsenet:3.2.0
-
cpe:2.3:a:ge:mds_pulsenet:3.2.1