CVE-2015-6459
Summary
| CVE | CVE-2015-6459 |
|---|---|
| State | PUBLISHED |
| Assigner | icscert |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-09-18 22:59:07 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ge | Mds Pulsenet | All | All | All | All |
| Application | Ge | Mds Pulsenet | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MDS PulseNet - Support Documents | af854a3a-2127-422b-91ae-364da2661108 | www.gedigitalenergy.com | Vendor Advisory |
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | zerodayinitiative.com | |
| GE MDS PulseNET Vulnerabilities | ICS-CERT | af854a3a-2127-422b-91ae-364da2661108 | ics-cert.us-cert.gov | Third Party Advisory, US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.