Sign-up

ID

VAR-201806-0573


CVE

CVE-2018-10611


TITLE

GE MDS PulseNET and MDS PulseNET Enterprise Remote code execution vulnerability

Trust: 0.8

sources: IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1 // CNVD: CNVD-2018-11074

DESCRIPTION

Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services. GE MDS PulseNET and MDS PulseNET Enterprise Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The interface is not sufficiently protected from low-privileged users. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of the CommandLineService web service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code under the context of the current web service. GE MDS PulseNET and MDS PulseNET Enterprise are products of General Electric (GE). GE MDS PulseNET is a suite of network management software designed for radio communication systems. Attackers can exploit these issue to bypass the authentication mechanism, use a specially crafted request with directory-traversal sequences ('../') to access or read arbitrary files that contain sensitive information, or to cause a denial-of-service condition. The following products and versions are vulnerable: PulseNET Version 3.2.1 and prior PulseNET Enterprise Version 3.2.1

Trust: 5.76

sources: NVD: CVE-2018-10611 // JVNDB: JVNDB-2018-006279 // ZDI: ZDI-18-550 // ZDI: ZDI-18-551 // ZDI: ZDI-18-547 // ZDI: ZDI-18-548 // ZDI: ZDI-18-549 // CNVD: CNVD-2018-11074 // BID: 104377 // IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1 // CNVD: CNVD-2018-11074

AFFECTED PRODUCTS

vendor:gemodel:mds pulsenetscope: - version: -

Trust: 3.5

vendor:gemodel:mds pulsenetscope:lteversion:3.2.1

Trust: 1.0

vendor:gemodel:mds pulsenetscope:eqversion:3.2.1

Trust: 0.9

vendor:general electricmodel:mds pulsenetscope:lteversion:3.2.1

Trust: 0.8

vendor:general electricmodel:mds pulsenetscope:lteversion:enterprise 3.2.1

Trust: 0.8

vendor:gemodel:mds pulsenet enterprisescope:lteversion:<=3.2.1

Trust: 0.6

vendor:gemodel:mds pulsenetscope:lteversion:<=3.2.1

Trust: 0.6

vendor:mds pulsenetmodel: - scope:eqversion:*

Trust: 0.4

vendor:gemodel:mds pulsenet enterprisescope:eqversion:3.2.1

Trust: 0.3

vendor:gemodel:mds pulsenet enterprisescope:eqversion:3.1.5

Trust: 0.3

vendor:gemodel:mds pulsenet enterprisescope:eqversion:3.1.3

Trust: 0.3

vendor:gemodel:mds pulsenetscope:eqversion:3.1.5

Trust: 0.3

vendor:gemodel:mds pulsenetscope:eqversion:3.1.3

Trust: 0.3

vendor:gemodel:mds pulsenet enterprisescope:neversion:4.1

Trust: 0.3

vendor:gemodel:mds pulsenetscope:neversion:4.1

Trust: 0.3

sources: IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1 // ZDI: ZDI-18-550 // ZDI: ZDI-18-551 // ZDI: ZDI-18-547 // ZDI: ZDI-18-548 // ZDI: ZDI-18-549 // CNVD: CNVD-2018-11074 // BID: 104377 // JVNDB: JVNDB-2018-006279 // CNNVD: CNNVD-201806-269 // NVD: CVE-2018-10611

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-10611
value: HIGH

Trust: 2.8

nvd@nist.gov: CVE-2018-10611
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-10611
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-10611
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2018-11074
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-269
value: CRITICAL

Trust: 0.6

IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-10611
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 4.6

ZDI: CVE-2018-10611
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-11074
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10611
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1 // ZDI: ZDI-18-550 // ZDI: ZDI-18-551 // ZDI: ZDI-18-547 // ZDI: ZDI-18-548 // ZDI: ZDI-18-549 // CNVD: CNVD-2018-11074 // JVNDB: JVNDB-2018-006279 // CNNVD: CNNVD-201806-269 // NVD: CVE-2018-10611

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2018-006279 // NVD: CVE-2018-10611

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-269

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201806-269

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-006279

PATCH
title:GE has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
Trust: 3.5
title:Top Pageurl:https://www.ge.com/
Trust: 0.8
title:Patch for GE MDS PulseNET and MDS PulseNET Enterprise Remote Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/131449
Trust: 0.6
title:GE MDS PulseNET  and MDS PulseNET Enterprise Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80555
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-550 // 
            
            
            
            ZDI: ZDI-18-551 // 
            
            
            
            ZDI: ZDI-18-547 // 
            
            
            
            ZDI: ZDI-18-548 // 
            
            
            
            ZDI: ZDI-18-549 // 
            
            
            
            CNVD: CNVD-2018-11074 // 
            
            
            
            JVNDB: JVNDB-2018-006279 // 
            
            
            
            CNNVD: CNNVD-201806-269

EXTERNAL IDS
db:NVDid:CVE-2018-10611
Trust: 7.0
db:ICS CERTid:ICSA-18-151-02
Trust: 3.3
db:BIDid:104377
Trust: 1.9
db:CNVDid:CNVD-2018-11074
Trust: 0.8
db:CNNVDid:CNNVD-201806-269
Trust: 0.8
db:JVNDBid:JVNDB-2018-006279
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-5575
Trust: 0.7
db:ZDIid:ZDI-18-550
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5591
Trust: 0.7
db:ZDIid:ZDI-18-551
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5535
Trust: 0.7
db:ZDIid:ZDI-18-547
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5536
Trust: 0.7
db:ZDIid:ZDI-18-548
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5537
Trust: 0.7
db:ZDIid:ZDI-18-549
Trust: 0.7
db:IVDid:E2F21E9F-39AB-11E9-92FE-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f21e9f-39ab-11e9-92fe-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-550 // 
            
            
            
            ZDI: ZDI-18-551 // 
            
            
            
            ZDI: ZDI-18-547 // 
            
            
            
            ZDI: ZDI-18-548 // 
            
            
            
            ZDI: ZDI-18-549 // 
            
            
            
            CNVD: CNVD-2018-11074 // 
            
            
            
            BID: 104377 // 
            
            
            
            JVNDB: JVNDB-2018-006279 // 
            
            
            
            CNNVD: CNNVD-201806-269 // 
            
            
            
            NVD: CVE-2018-10611

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-151-02
Trust: 6.8
url:http://www.gegridsolutions.com/app/downloadfile.aspx?prod=pulsenet&type=9&file=1
Trust: 2.2
url:http://www.securityfocus.com/bid/104377
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10611
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10611
Trust: 0.8
url:http://www.ge.com/
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-550 // 
            
            
            
            ZDI: ZDI-18-551 // 
            
            
            
            ZDI: ZDI-18-547 // 
            
            
            
            ZDI: ZDI-18-548 // 
            
            
            
            ZDI: ZDI-18-549 // 
            
            
            
            CNVD: CNVD-2018-11074 // 
            
            
            
            BID: 104377 // 
            
            
            
            JVNDB: JVNDB-2018-006279 // 
            
            
            
            CNNVD: CNNVD-201806-269 // 
            
            
            
            NVD: CVE-2018-10611

CREDITS
rgod
Trust: 3.8
sources:
            
            
            ZDI: ZDI-18-550 // 
            
            
            
            ZDI: ZDI-18-551 // 
            
            
            
            ZDI: ZDI-18-547 // 
            
            
            
            ZDI: ZDI-18-548 // 
            
            
            
            ZDI: ZDI-18-549 // 
            
            
            
            BID: 104377

SOURCES
db:IVDid:e2f21e9f-39ab-11e9-92fe-000c29342cb1
db:ZDIid:ZDI-18-550
db:ZDIid:ZDI-18-551
db:ZDIid:ZDI-18-547
db:ZDIid:ZDI-18-548
db:ZDIid:ZDI-18-549
db:CNVDid:CNVD-2018-11074
db:BIDid:104377
db:JVNDBid:JVNDB-2018-006279
db:CNNVDid:CNNVD-201806-269
db:NVDid:CVE-2018-10611

LAST UPDATE DATE
2024-11-23T22:52:04.148000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-550date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-551date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-547date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-548date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-549date:2018-06-06T00:00:00
db:CNVDid:CNVD-2018-11074date:2018-06-07T00:00:00
db:BIDid:104377date:2018-05-31T00:00:00
db:JVNDBid:JVNDB-2018-006279date:2018-08-15T00:00:00
db:CNNVDid:CNNVD-201806-269date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10611date:2024-11-21T03:41:39.733

SOURCES RELEASE DATE
db:IVDid:e2f21e9f-39ab-11e9-92fe-000c29342cb1date:2018-06-07T00:00:00
db:ZDIid:ZDI-18-550date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-551date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-547date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-548date:2018-06-06T00:00:00
db:ZDIid:ZDI-18-549date:2018-06-06T00:00:00
db:CNVDid:CNVD-2018-11074date:2018-06-08T00:00:00
db:BIDid:104377date:2018-05-31T00:00:00
db:JVNDBid:JVNDB-2018-006279date:2018-08-15T00:00:00
db:CNNVDid:CNNVD-201806-269date:2018-06-04T00:00:00
db:NVDid:CVE-2018-10611date:2018-06-04T14:29:00.203