Path traversal in GE products - CVE-2018-19003

 


Published: December 13, 2018 / Updated: December 14, 2018


Vulnerability identifier: #VU16537
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-19003
CWE-ID: CWE-22
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: GE
Affected software:
LS2100e
EX2100e_Reg
EX2100e
Mark VIe

Detailed vulnerability description

The vulnerability allows an adjacent unauthenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to improper restriction of access to restricted information. An adjacent attacker can conduct a directory traversal attack and gain access to potentially sensitive information.


How to mitigate CVE-2018-19003

Update the affected products to the latest versions.
