Vulnerability Description
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ge | Mds Pulsenet | <= 3.2.1 |
Related Weaknesses (CWE)
References
- http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1Permissions Required
- http://www.securityfocus.com/bid/104377Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02Third Party AdvisoryUS Government Resource
- http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1Permissions Required
- http://www.securityfocus.com/bid/104377Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10613?
CVE-2018-10613 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
How severe is CVE-2018-10613?
CVE-2018-10613 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10613?
Check the references section above for vendor advisories and patch information. Affected products include: Ge Mds Pulsenet.