ID

VAR-201812-0243


CVE

CVE-2018-15362


TITLE

XML External Entity Vulnerability in GE Proficy Cimplicity GDS

Trust: 0.8

sources: JVNDB: JVNDB-2018-014363

DESCRIPTION

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. An XML external entity vulnerability exists in GE Proficy Cimplicity GDS. Information may be obtained and service operation may be interrupted (DoS). Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Versions prior to Global Discovery Server 2.1 are vulnerable.

Trust: 1.89

sources: NVD: CVE-2018-15362 // JVNDB: JVNDB-2018-014363 // BID: 106133

AFFECTED PRODUCTS

vendor: ge, model: cimplicity, scope: eq, version: 9.5

Trust: 1.3

vendor: ge, model: cimplicity, scope: eq, version: 10.0

Trust: 1.3

vendor: ge, model: cimplicity, scope: eq, version: 9.0_r2

Trust: 1.0

vendor: general electric, model: cimplicity, scope: eq, version: 10.0

Trust: 0.8

vendor: general electric, model: cimplicity, scope: eq, version: 9.0 r2

Trust: 0.8

vendor: general electric, model: cimplicity, scope: eq, version: 9.5

Trust: 0.8

vendor: ge, model: global discovery server, scope: eq, version: 2.0

Trust: 0.3

vendor: ge, model: global discovery server, scope: eq, version: 1.1

Trust: 0.3

vendor: ge, model: global discovery server, scope: eq, version: 1.0

Trust: 0.3

vendor: ge, model: cimplicity r2, scope: eq, version: 9.0

Trust: 0.3

vendor: ge, model: global discovery server, scope: ne, version: 2.1

Trust: 0.3

sources: BID: 106133 // JVNDB: JVNDB-2018-014363 // NVD: CVE-2018-15362

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-15362
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-201812-278
value: MEDIUM

Trust: 0.6

NVD: CVE-2018-15362
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2018-15362
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-014363 // CNNVD: CNNVD-201812-278 // NVD: CVE-2018-15362

PROBLEMTYPE DATA

problemtype: CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-014363 // NVD: CVE-2018-15362

THREAT TYPE

network

Trust: 0.3

sources: BID: 106133

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-278

CONFIGURATIONS

sources: NVD: CVE-2018-15362

PATCH

title: CIMPLICITY, url: https://www.ge.com/digital/products/cimplicity

Trust: 0.8

title: GE Proficy CIMPLICITY Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87545

Trust: 0.6

sources: JVNDB: JVNDB-2018-014363 // CNNVD: CNNVD-201812-278

EXTERNAL IDS

db: ICS CERT, id: ICSA-18-340-01

Trust: 2.7

db: NVD, id: CVE-2018-15362

Trust: 2.7

db: BID, id: 106133

Trust: 1.9

db: JVNDB, id: JVNDB-2018-014363

Trust: 0.8

db: CNNVD, id: CNNVD-201812-278

Trust: 0.6

sources: BID: 106133 // JVNDB: JVNDB-2018-014363 // CNNVD: CNNVD-201812-278 // NVD: CVE-2018-15362

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-340-01

Trust: 2.7

url:https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/

Trust: 2.4

url:http://www.securityfocus.com/bid/106133

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15362

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15362

Trust: 0.8

url:http://www.ge-ip.com/

Trust: 0.3

url:https://digitalsupport.ge.com/communities/en_us/article/ge-digital-security-advisory-ged-18-01

Trust: 0.3

sources: BID: 106133 // JVNDB: JVNDB-2018-014363 // CNNVD: CNNVD-201812-278 // NVD: CVE-2018-15362

CREDITS

Vladimir Dashchenko of Kaspersky Lab

Trust: 0.3

sources: BID: 106133

SOURCES

db: BID, id: 106133
db: JVNDB, id: JVNDB-2018-014363
db: CNNVD, id: CNNVD-201812-278
db: NVD, id: CVE-2018-15362

LAST UPDATE DATE

2022-05-04T08:54:39.630000+00:00


SOURCES UPDATE DATE

db: BID, id: 106133, date: 2018-12-06T00:00:00
db: JVNDB, id: JVNDB-2018-014363, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-278, date: 2019-02-13T00:00:00
db: NVD, id: CVE-2018-15362, date: 2019-02-06T13:28:00

SOURCES RELEASE DATE

db: BID, id: 106133, date: 2018-12-06T00:00:00
db: JVNDB, id: JVNDB-2018-014363, date: 2019-03-19T00:00:00
db: CNNVD, id: CNNVD-201812-278, date: 2018-12-07T00:00:00
db: NVD, id: CVE-2018-15362, date: 2018-12-07T15:29:00