{"api_version":"1","generated_at":"2026-05-06T20:47:59+00:00","cve":"CVE-2018-10613","urls":{"html":"https://cve.report/CVE-2018-10613","api":"https://cve.report/api/cve/CVE-2018-10613.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-10613","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-10613"},"summary":{"title":"CVE-2018-10613","description":"Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-06-04 14:29:00","updated_at":"2019-10-09 23:32:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"GE MDS PulseNET and MDS PulseNET Enterprise | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/104377","name":"104377","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Multiple GE MDS PulseNET Products Multiple Security vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","name":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","refsource":"CONFIRM","tags":["Permissions Required"],"title":"Grid Passport Login : GE Grid Solutions","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-10613","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10613","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"10613","vulnerable":"1","versionEndIncluding":"3.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"mds_pulsenet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"10613","vulnerable":"1","versionEndIncluding":"3.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ge","cpe5":"mds_pulsenet","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-05-31T00:00:00","ID":"CVE-2018-10613","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"MDS PulseNET and MDS PulseNET Enterprise","version":{"version_data":[{"version_value":"Version 3.2.1 and prior"}]}}]},"vendor_name":"GE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XXE CWE-611"}]}]},"references":{"reference_data":[{"name":"104377","refsource":"BID","url":"http://www.securityfocus.com/bid/104377"},{"name":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1","refsource":"CONFIRM","url":"http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"}]}},"nvd":{"publishedDate":"2018-06-04 14:29:00","lastModifiedDate":"2019-10-09 23:32:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"3.2.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"10613","Ordinal":"127054","Title":"CVE-2018-10613","CVE":"CVE-2018-10613","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"10613","Ordinal":"1","NoteData":"Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"10613","Ordinal":"2","NoteData":"2018-06-04","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"10613","Ordinal":"3","NoteData":"2018-06-05","Type":"Other","Title":"Modified"}]}}}