Main Vulnerability Database Vulnerabilities #VU16537

#VU16537 Path traversal in GE products - CVE-2018-19003

Published: December 13, 2018 / Updated: December 14, 2018

Vulnerability identifier: #VU16537

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-19003

CWE-ID: CWE-22

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
LS2100e
EX2100e_Reg
EX2100e
Mark VIe

Software vendor:
GE

Description

The vulnerability allows an adjacent unauthenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to improper restriction of the ability of an attacker to gain access to restricted information. An adjacent attacker can conduct directory traversal attack and gain access to potentially sensitive information.

Remediation

Update the affected products to the latest versions.

External links

https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04

#VU16537 Path traversal in GE products - CVE-2018-19003

Description

Remediation

External links

Please verify you're human