VAR-201812-0243
Vulnerability from variot - Updated: 2022-05-04 08:54XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. GE Proficy Cimplicity GDS Is XML An external entity vulnerability exists.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. Versions prior to Global Discovery Server 2.1 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0243",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.3,
"vendor": "ge",
"version": "9.5"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.3,
"vendor": "ge",
"version": "10.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "9.0_r2"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "10.0"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "9.0 r2"
},
{
"model": "cimplicity",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "9.5"
},
{
"model": "global discovery server",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "2.0"
},
{
"model": "global discovery server",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "1.1"
},
{
"model": "global discovery server",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "1.0"
},
{
"model": "cimplicity r2",
"scope": "eq",
"trust": 0.3,
"vendor": "ge",
"version": "9.0"
},
{
"model": "global discovery server",
"scope": "ne",
"trust": 0.3,
"vendor": "ge",
"version": "2.1"
}
],
"sources": [
{
"db": "BID",
"id": "106133"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:cimplicity:9.0_r2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vladimir Dashchenko of Kaspersky Lab",
"sources": [
{
"db": "BID",
"id": "106133"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-15362",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15362",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 1.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15362",
"trust": 1.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-278",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. GE Proficy Cimplicity GDS Is XML An external entity vulnerability exists.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. \nAttackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions. \nVersions prior to Global Discovery Server 2.1 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15362"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "BID",
"id": "106133"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-340-01",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2018-15362",
"trust": 2.7
},
{
"db": "BID",
"id": "106133",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "106133"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"id": "VAR-201812-0243",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.47142857
},
"last_update_date": "2022-05-04T08:54:39.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIMPLICITY",
"trust": 0.8,
"url": "https://www.ge.com/digital/products/cimplicity"
},
{
"title": "GE Proficy CIMPLICITY Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87545"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-340-01"
},
{
"trust": 2.4,
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/106133"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15362"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15362"
},
{
"trust": 0.3,
"url": "http://www.ge-ip.com/"
},
{
"trust": 0.3,
"url": "https://digitalsupport.ge.com/communities/en_us/article/ge-digital-security-advisory-ged-18-01"
}
],
"sources": [
{
"db": "BID",
"id": "106133"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "106133"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106133"
},
{
"date": "2019-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"date": "2018-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"date": "2018-12-07T15:29:00",
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-06T00:00:00",
"db": "BID",
"id": "106133"
},
{
"date": "2019-03-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014363"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-278"
},
{
"date": "2019-02-06T13:28:00",
"db": "NVD",
"id": "CVE-2018-15362"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "106133"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE Proficy Cimplicity GDS In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014363"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-278"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…