CVE-2018-19003

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
geex2100e_firmware
𝑥
< 04.09.00c
gels2100e_firmware
𝑥
< 04.09.00c
geex2100e_firmware
03.03.28c ≤
𝑥
≤ 05.02.04c
gels2100e_firmware
03.03.28c ≤
𝑥
≤ 05.02.04c
gemark_vle_firmware
03.03.28c ≤
𝑥
≤ 05.02.04c
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106216
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04
http://www.securityfocus.com/bid/106216
https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04