CVE-2018-10611
CRITICALGE MDS PulseNET < 3.2.1 - Unauthenticated Remote Code Execution via Java RMI
Title source: llmDescription
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104377
Permissions Required x_refsource_confirm
http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
Scores
CVSS v3
9.8
EPSS
0.0506
EPSS Percentile
91.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (1)
ge/mds_pulsenet
< 3.2.1 (2 CPE variants)
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026