{"api_version":"1","generated_at":"2026-05-06T20:53:56+00:00","cve":"CVE-2018-10611","urls":{"html":"https://cve.report/CVE-2018-10611","api":"https://cve.report/api/cve/CVE-2018-10611.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10611","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10611"},"summary":{"title":"CVE-2018-10611","description":"Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-06-04 14:29:00","updated_at":"2019-10-09 23:32:00"},"problem_types":["CWE-287"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"GE MDS PulseNET and MDS PulseNET Enterprise | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104377","name":"104377","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GE MDS PulseNET Products Multiple Security vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","name":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","refsource":"CONFIRM","tags":["Permissions Required"],"title":"Grid Passport Login : GE Grid Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10611","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10611","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10611","vulnerable":"1","versionEndIncluding":"3.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"mds_pulsenet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10611","vulnerable":"1","versionEndIncluding":"3.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"mds_pulsenet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-05-31T00:00:00","ID":"CVE-2018-10611","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MDS PulseNET and MDS PulseNET Enterprise","version":{"version_data":[{"version_value":"Version 3.2.1 and prior"}]}}]},"vendor_name":"GE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Authentication CWE-287"}]}]},"references":{"reference_data":[{"name":"104377","refsource":"BID","url":"http://www.securityfocus.com/bid/104377"},{"name":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","refsource":"CONFIRM","url":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"}]}},"nvd":{"publishedDate":"2018-06-04 14:29:00","lastModifiedDate":"2019-10-09 23:32:00","problem_types":["CWE-287"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"3.2.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10611","Ordinal":"127052","Title":"CVE-2018-10611","CVE":"CVE-2018-10611","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10611","Ordinal":"1","NoteData":"Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10611","Ordinal":"2","NoteData":"2018-06-04","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10611","Ordinal":"3","NoteData":"2018-06-05","Type":"Other","Title":"Modified"}]}}}