CVE-2018-10613
HIGHGE MDS PulseNET and MDS PulseNET Enterprise <= 3.2.1 - XML External Entity Injection
Title source: llmDescription
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104377
Permissions Required x_refsource_confirm
http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02
Scores
CVSS v3
7.5
EPSS
0.1828
EPSS Percentile
96.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (1)
ge/mds_pulsenet
< 3.2.1 (2 CPE variants)
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026