CVE-2018-19003 - OpenCVE

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ge	Ex2100e Ex2100e Firmware Ls2100e Ls2100e Firmware Mark Vle Mark Vle Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ge:ex2100e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:ge:ex2100e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:ge:ls2100e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:ls2100e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:ge:ex2100e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:ex2100e:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:ge:ls2100e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:ls2100e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:ge:mark_vle_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:mark_vle:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/106216
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-12-14T15:00:00

Updated: 2024-08-05T11:23:08.535Z

Reserved: 2018-11-06T00:00:00

Link: CVE-2018-19003

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-12-14T15:29:00.747

Modified: 2019-10-09T23:37:34.943

Link: CVE-2018-19003

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e", "vendor": "n/a", "versions": [{"status": "affected", "version": "Mark VIe Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C"}]}], "datePublic": "2018-12-14T00:00:00", "descriptions": [{"lang": "en", "value": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-12-17T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04"}, {"name": "106216", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106216"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2018-19003", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e", "version": {"version_data": [{"version_value": "Mark VIe Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04"}, {"name": "106216", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106216"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T11:23:08.535Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04"}, {"name": "106216", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106216"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-19003", "datePublished": "2018-12-14T15:00:00", "dateReserved": "2018-11-06T00:00:00", "dateUpdated": "2024-08-05T11:23:08.535Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:ex2100e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79EE486E-36EC-486C-8665-D8DF029F0553", "versionEndExcluding": "04.09.00c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ge:ex2100e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A84E36E9-F67D-4552-B2BC-B7F987D8B587", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:ls2100e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C4D98A-6243-499D-BBE9-4AF54C2D3C6A", "versionEndExcluding": "04.09.00c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:ls2100e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5FEC5E9-EE73-4112-AA65-0FA9AD346D2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:ex2100e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC9144A3-E38D-48A1-95AA-E4EC124FB4FA", "versionEndIncluding": "05.02.04c", "versionStartIncluding": "03.03.28c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:ex2100e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7DD6059-E65B-4A12-8865-47C75D098149", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:ls2100e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "65939C9B-E564-481D-BAC0-AE7CFEA1D507", "versionEndIncluding": "05.02.04c", "versionStartIncluding": "03.03.28c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:ls2100e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5FEC5E9-EE73-4112-AA65-0FA9AD346D2C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:mark_vle_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A5AB762-0A96-4959-B34F-DABAC207E6F7", "versionEndIncluding": "05.02.04c", "versionStartIncluding": "03.03.28c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:mark_vle:-:*:*:*:*:*:*:*", "matchCriteriaId": "934BABDA-5F53-401F-9D25-00057B9E8689", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information."}, {"lang": "es", "value": "GE Mark VIe, EX2100e, EX2100e_Reg, y LS2100e desde la versi\u00f3n 03.03.28C hasta la 05.02.04C, EX2100e en todas las versiones anteriores a la v04.09.00C, EX2100e_Reg en todas las versiones anteriores a la v04.09.00C, y LS2100e en todas las versiones anteriores a la v04.09.00C. Las versiones afectadas de la aplicaci\u00f3n tienen una vulnerabilidad de salto de directorio que no restringe la capacidad de un atacante de obtener acceso a informaci\u00f3n restringida."}], "id": "CVE-2018-19003", "lastModified": "2019-10-09T23:37:34.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-14T15:29:00.747", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106216"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["US Government Resource", "Third Party Advisory"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}