Details of VAR-201806-0574

ID

VAR-201806-0574

CVE

CVE-2018-10613

TITLE

GE MDS PulseNET and MDS PulseNET Enterprise Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1 // CNVD: CNVD-2018-12138

DESCRIPTION

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XmlAdapterServlet servlet. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information under the context of the service. GEMDSPulseNET and MDSPulseNETEnterprise are products of General Electric (GE). GEMDSPulseNET is a network management software designed for radio communication systems. MDSPulseNETEnterprise is its enterprise version. Security vulnerabilities existed in GEMDSPulseNET and MDSPulseNET Enterprise 3.2.1 and earlier. Multiple GE MDS PulseNET products are prone to multiple security vulnerabilities. Attackers can exploit these issue to bypass the authentication mechanism, use a specially crafted request with directory-traversal sequences ('../') to access or read arbitrary files that contain sensitive information, or to cause a denial-of-service condition

Trust: 6.39

sources: NVD: CVE-2018-10613 // JVNDB: JVNDB-2018-006278 // ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // CNVD: CNVD-2018-12138 // BID: 104377 // IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1 // CNVD: CNVD-2018-12138

AFFECTED PRODUCTS

vendor:	ge	model:	mds pulsenet	scope:	-	version:	-	Trust: 4.2
vendor:	ge	model:	mds pulsenet	scope:	lte	version:	3.2.1	Trust: 1.0
vendor:	ge	model:	mds pulsenet	scope:	eq	version:	3.2.1	Trust: 0.9
vendor:	general electric	model:	mds pulsenet	scope:	lte	version:	3.2.1	Trust: 0.8
vendor:	general electric	model:	mds pulsenet	scope:	lte	version:	enterprise 3.2.1	Trust: 0.8
vendor:	ge	model:	mds pulsenet enterprise	scope:	lte	version:	<=3.2.1	Trust: 0.6
vendor:	ge	model:	mds pulsenet	scope:	lte	version:	<=3.2.1	Trust: 0.6
vendor:	mds pulsenet	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	ge	model:	mds pulsenet enterprise	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	ge	model:	mds pulsenet enterprise	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	ge	model:	mds pulsenet enterprise	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	ge	model:	mds pulsenet	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	ge	model:	mds pulsenet	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	ge	model:	mds pulsenet enterprise	scope:	ne	version:	4.1	Trust: 0.3
vendor:	ge	model:	mds pulsenet	scope:	ne	version:	4.1	Trust: 0.3

sources: IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1 // ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // CNVD: CNVD-2018-12138 // BID: 104377 // JVNDB: JVNDB-2018-006278 // CNNVD: CNNVD-201806-268 // NVD: CVE-2018-10613

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-10613
value:	MEDIUM
Trust: 4.2
nvd@nist.gov:	CVE-2018-10613
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-10613
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-12138
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-268
value:	HIGH
Trust: 0.6
IVD:	e2f5c81e-39ab-11e9-9077-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-10613
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 6.0
CNVD:	CNVD-2018-12138
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f5c81e-39ab-11e9-9077-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-10613
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1 // ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // CNVD: CNVD-2018-12138 // JVNDB: JVNDB-2018-006278 // CNNVD: CNNVD-201806-268 // NVD: CVE-2018-10613

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-006278 // NVD: CVE-2018-10613

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-268

TYPE

Code problem

Trust: 0.8

sources: IVD: e2f5c81e-39ab-11e9-9077-000c29342cb1 // CNNVD: CNNVD-201806-268

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006278

PATCH

title:	GE has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02	Trust: 4.2
title:	Top Page	url:	https://www.ge.com/	Trust: 0.8
title:	GEMDSPulseNETandMDSPulseNETEnterprise Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/132869	Trust: 0.6
title:	GE MDS PulseNET and MDS PulseNET Enterprise Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80554	Trust: 0.6

sources: ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // CNVD: CNVD-2018-12138 // JVNDB: JVNDB-2018-006278 // CNNVD: CNNVD-201806-268

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10613	Trust: 7.7
db:	ICS CERT	id:	ICSA-18-151-02	Trust: 3.3
db:	BID	id:	104377	Trust: 1.9
db:	CNVD	id:	CNVD-2018-12138	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-268	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006278	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5517	Trust: 0.7
db:	ZDI	id:	ZDI-18-541	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5518	Trust: 0.7
db:	ZDI	id:	ZDI-18-542	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5538	Trust: 0.7
db:	ZDI	id:	ZDI-18-543	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5541	Trust: 0.7
db:	ZDI	id:	ZDI-18-545	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5539	Trust: 0.7
db:	ZDI	id:	ZDI-18-544	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5540	Trust: 0.7
db:	ZDI	id:	ZDI-18-554	Trust: 0.7
db:	IVD	id:	E2F5C81E-39AB-11E9-9077-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-151-02	Trust: 7.5
url:	http://www.gegridsolutions.com/app/downloadfile.aspx?prod=pulsenet&type=9&file=1	Trust: 1.6
url:	http://www.securityfocus.com/bid/104377	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10613	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10613	Trust: 0.8
url:	http://www.ge.com/	Trust: 0.3

sources: ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // CNVD: CNVD-2018-12138 // BID: 104377 // JVNDB: JVNDB-2018-006278 // CNNVD: CNNVD-201806-268 // NVD: CVE-2018-10613

CREDITS

rgod

Trust: 4.5

sources: ZDI: ZDI-18-541 // ZDI: ZDI-18-542 // ZDI: ZDI-18-543 // ZDI: ZDI-18-545 // ZDI: ZDI-18-544 // ZDI: ZDI-18-554 // BID: 104377

SOURCES

db:	IVD	id:	e2f5c81e-39ab-11e9-9077-000c29342cb1
db:	ZDI	id:	ZDI-18-541
db:	ZDI	id:	ZDI-18-542
db:	ZDI	id:	ZDI-18-543
db:	ZDI	id:	ZDI-18-545
db:	ZDI	id:	ZDI-18-544
db:	ZDI	id:	ZDI-18-554
db:	CNVD	id:	CNVD-2018-12138
db:	BID	id:	104377
db:	JVNDB	id:	JVNDB-2018-006278
db:	CNNVD	id:	CNNVD-201806-268
db:	NVD	id:	CVE-2018-10613

LAST UPDATE DATE

2024-11-23T22:52:04.044000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-541	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-542	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-543	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-545	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-544	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-554	date:	2018-06-07T00:00:00
db:	CNVD	id:	CNVD-2018-12138	date:	2018-06-27T00:00:00
db:	BID	id:	104377	date:	2018-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-006278	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-268	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-10613	date:	2024-11-21T03:41:39.983

SOURCES RELEASE DATE

db:	IVD	id:	e2f5c81e-39ab-11e9-9077-000c29342cb1	date:	2018-06-27T00:00:00
db:	ZDI	id:	ZDI-18-541	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-542	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-543	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-545	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-544	date:	2018-06-06T00:00:00
db:	ZDI	id:	ZDI-18-554	date:	2018-06-07T00:00:00
db:	CNVD	id:	CNVD-2018-12138	date:	2018-06-27T00:00:00
db:	BID	id:	104377	date:	2018-05-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-006278	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-268	date:	2018-06-04T00:00:00
db:	NVD	id:	CVE-2018-10613	date:	2018-06-04T14:29:00.250