Search criteria
7 vulnerabilities found for AMS Device Manager by Emerson
VAR-201505-0070
Vulnerability from variot - Updated: 2023-12-18 13:09SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. An authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ams device manager",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "lt",
"trust": 0.8,
"vendor": "emerson",
"version": "13"
},
{
"model": "ams device manager",
"scope": "lte",
"trust": 0.6,
"vendor": "emerson",
"version": "\u003c=12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.4"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.2"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.1"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "ams device manager",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:ams_device_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson Process Management",
"sources": [
{
"db": "BID",
"id": "74774"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.9
},
"cve": "CVE-2015-1008",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-1008",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "CNVD-2015-03472",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.1,
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-1008",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. Emerson Electric AMS Device Manager is a set of fixed asset management software. The software provides predictive diagnostics, device configuration management and more. The attacker can submit the malformed input to the affected software. This vulnerability can be used to access the application and its data files with administrator privileges. \nAn authenticated attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1008",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-111-01",
"trust": 3.3
},
{
"db": "BID",
"id": "74774",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2015-03472",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810",
"trust": 0.8
},
{
"db": "IVD",
"id": "8EAADD14-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"id": "VAR-201505-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
],
"trust": 1.21025642
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
}
]
},
"last_update_date": "2023-12-18T13:09:11.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSN15003-2 AMS Device Manager SQL Injection Vulnerability",
"trust": 0.8,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"title": "Emerson AMS Device Manager patch for local SQL injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/59067"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-111-01"
},
{
"trust": 1.6,
"url": "http://community.emerson.com/process/emerson-exchange/operateandmanage/deltav/deltav_security/b/securitynotificationblog/archive/2015/04/16/dsn15003-2-ams-device-management-sql-injection-vulnerability"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/74774"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1008"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1008"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/amssuite/amsdevicemanager/pages/amsdevicemanager.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"db": "BID",
"id": "74774"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2015-05-26T01:59:00.180000",
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"date": "2015-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03472"
},
{
"date": "2015-05-21T00:00:00",
"db": "BID",
"id": "74774"
},
{
"date": "2015-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002810"
},
{
"date": "2016-04-06T12:47:24.647000",
"db": "NVD",
"id": "CVE-2015-1008"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002810"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "8eaadd14-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-505"
}
],
"trust": 0.8
}
}
VAR-201810-0393
Vulnerability from variot - Updated: 2023-12-18 12:43Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. An attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0393",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ams device manager",
"scope": "gte",
"trust": 1.0,
"vendor": "emerson",
"version": "12.0"
},
{
"model": "ams device manager",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "13.0"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.0"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "12.0 to 13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "13.1.1"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.4"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.2"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.1"
}
],
"sources": [
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:ams_device_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov of Kaspersky Lab and Emerson",
"sources": [
{
"db": "BID",
"id": "105406"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-14808",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-14808",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14808",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1250",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products. \nAn attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "BID",
"id": "105406"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-270-01",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2018-14808",
"trust": 2.7
},
{
"db": "BID",
"id": "105406",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"id": "VAR-201810-0393",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41025642
},
"last_update_date": "2023-12-18T12:43:51.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AMS Device Manager",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/catalog/ams-ams-device-manager"
},
{
"title": "Emerson Electric AMS Device Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85259"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105406"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14808"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14808"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/amssuite/amsdevicemanager/pages/amsdevicemanager.aspx"
}
],
"sources": [
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105406"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"date": "2018-10-01T15:29:00.573000",
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105406"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010968"
},
{
"date": "2019-10-09T23:35:15.327000",
"db": "NVD",
"id": "CVE-2018-14808"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010968"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1250"
}
],
"trust": 0.6
}
}
VAR-201810-0390
Vulnerability from variot - Updated: 2023-12-18 12:43Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. Emerson AMS Device Manager Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software provides predictive diagnostics, equipment configuration management, and more. An attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0390",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ams device manager",
"scope": "gte",
"trust": 1.0,
"vendor": "emerson",
"version": "12.0"
},
{
"model": "ams device manager",
"scope": "lte",
"trust": 1.0,
"vendor": "emerson",
"version": "13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "13.0"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.9,
"vendor": "emerson",
"version": "12.0"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.8,
"vendor": "emerson",
"version": "12.0 to 13.5"
},
{
"model": "electric emerson electric ams device manager",
"scope": "gte",
"trust": 0.6,
"vendor": "emerson",
"version": "12.0,\u003c=13.5"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.6,
"vendor": "emerson",
"version": "13.1.1"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.4"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.3"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.2"
},
{
"model": "ams device manager",
"scope": "eq",
"trust": 0.3,
"vendor": "emerson",
"version": "12.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emerson:ams_device_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.5",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14804"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sergey Temnikov of Kaspersky Lab and Emerson",
"sources": [
{
"db": "BID",
"id": "105406"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14804",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20678",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14804",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14804",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-20678",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1249",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution. Emerson AMS Device Manager Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software provides predictive diagnostics, equipment configuration management, and more. \nAn attacker can exploit these issues to gain elevated privileges, bypass certain security restrictions and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "BID",
"id": "105406"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14804",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-270-01",
"trust": 2.7
},
{
"db": "BID",
"id": "105406",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-20678",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"id": "VAR-201810-0390",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
}
],
"trust": 1.30512821
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
}
]
},
"last_update_date": "2023-12-18T12:43:51.116000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AMS Device Manager",
"trust": 0.8,
"url": "https://www.emerson.com/en-us/catalog/ams-ams-device-manager"
},
{
"title": "Patch for Emerson AMS Device Manager Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/141837"
},
{
"title": "Emerson Electric AMS Device Manager Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=85258"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-01"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/105406"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14804"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14804"
},
{
"trust": 0.3,
"url": "http://www2.emersonprocess.com/en-us/brands/amssuite/amsdevicemanager/pages/amsdevicemanager.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"db": "BID",
"id": "105406"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105406"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"date": "2018-10-01T15:29:00.463000",
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20678"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105406"
},
{
"date": "2018-12-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010967"
},
{
"date": "2019-10-09T23:35:14.780000",
"db": "NVD",
"id": "CVE-2018-14804"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Emerson AMS Device Manager Code injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010967"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1249"
}
],
"trust": 0.6
}
}
CVE-2018-14808 (GCVE-0-2018-14808)
Vulnerability from cvelistv5 – Published: 2018-10-01 16:00 – Updated: 2024-09-17 03:54
VLAI?
Summary
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
Severity ?
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | AMS Device Manager |
Affected:
v12.0 to v13.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMS Device Manager",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v12.0 to v13.5"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMS Device Manager",
"version": {
"version_data": [
{
"version_value": "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14808",
"datePublished": "2018-10-01T16:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T03:54:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14804 (GCVE-0-2018-14804)
Vulnerability from cvelistv5 – Published: 2018-10-01 16:00 – Updated: 2024-09-17 00:16
VLAI?
Summary
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | AMS Device Manager |
Affected:
v12.0 to v13.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMS Device Manager",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v12.0 to v13.5"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMS Device Manager",
"version": {
"version_data": [
{
"version_value": "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14804",
"datePublished": "2018-10-01T16:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T00:16:05.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14808 (GCVE-0-2018-14808)
Vulnerability from nvd – Published: 2018-10-01 16:00 – Updated: 2024-09-17 03:54
VLAI?
Summary
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
Severity ?
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | AMS Device Manager |
Affected:
v12.0 to v13.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMS Device Manager",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v12.0 to v13.5"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMS Device Manager",
"version": {
"version_data": [
{
"version_value": "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14808",
"datePublished": "2018-10-01T16:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T03:54:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-14804 (GCVE-0-2018-14804)
Vulnerability from nvd – Published: 2018-10-01 16:00 – Updated: 2024-09-17 00:16
VLAI?
Summary
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
Severity ?
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Emerson | AMS Device Manager |
Affected:
v12.0 to v13.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:38:13.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMS Device Manager",
"vendor": "Emerson",
"versions": [
{
"status": "affected",
"version": "v12.0 to v13.5"
}
]
}
],
"datePublic": "2018-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-02T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105406"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMS Device Manager",
"version": {
"version_data": [
{
"version_value": "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105406"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-14804",
"datePublished": "2018-10-01T16:00:00Z",
"dateReserved": "2018-08-01T00:00:00",
"dateUpdated": "2024-09-17T00:16:05.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}