Unrated severityNVD Advisory· Published Sep 18, 2015· Updated May 6, 2026

CVE-2015-6459

Description

Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary files via a full pathname.

Affected products

Ge/Mds Pulsenet2 versions
cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:*:*:*:*range: <=3.1.3
- cpe:2.3:a:ge:mds_pulsenet:*:*:*:*:enterprise:*:*:*range: <=3.1.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gedigitalenergy.com/app/resources.aspxnvdVendor Advisory
ics-cert.us-cert.gov/advisories/ICSA-15-258-03nvdThird Party AdvisoryUS Government Resource
zerodayinitiative.com/advisories/ZDI-15-439/nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000