CVE-2015-6459 — HIGH (10.0)

Q: How severe is CVE-2015-6459?

CVE-2015-6459 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-6459?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Mds Pulsenet.

Vulnerability Description

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Ge	Mds Pulsenet	<= 3.1.3

Related Weaknesses (CWE)

CWE-22

References

http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-15-439/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03Third Party AdvisoryUS Government Resource
http://www.gedigitalenergy.com/app/resources.aspx?prod=pulsenet&type=9Vendor Advisory
http://zerodayinitiative.com/advisories/ZDI-15-439/
https://ics-cert.us-cert.gov/advisories/ICSA-15-258-03Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2015-6459?

CVE-2015-6459 is a vulnerability with a CVSS score of 10.0 (HIGH). Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delet...

How severe is CVE-2015-6459?

CVE-2015-6459 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-6459?

Check the references section above for vendor advisories and patch information. Affected products include: Ge Mds Pulsenet.