Search criteria
8 vulnerabilities found for TELEM GW6 by Martem
VAR-201807-0338
Vulnerability from variot - Updated: 2023-12-18 13:13Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. Martem TELEM GW6 and GWM The device firmware contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0338",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telem-gwm",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem-gw6",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gw6",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "telem gw6",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gwm 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": "gw6 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gwm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gw6",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gwm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gwm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gw6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gw6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10607"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
],
"trust": 0.6
},
"cve": "CVE-2018-10607",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10607",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10590",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-120383",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10607",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10607",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-10590",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-1161",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120383",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "VULHUB",
"id": "VHN-120383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. Martem TELEM GW6 and GWM The device firmware contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120383"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10607",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-142-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104286",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10590",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F09800-39AB-11E9-BD1B-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120383",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "VULHUB",
"id": "VHN-120383"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"id": "VAR-201807-0338",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "VULHUB",
"id": "VHN-120383"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
}
]
},
"last_update_date": "2023-12-18T13:13:47.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA1805184",
"trust": 0.8,
"url": "https://martem.eu/csa/martem_csa_telem_1805184.pdf"
},
{
"title": "Martem GW6 and GWM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80638"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120383"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
},
{
"trust": 2.0,
"url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104286"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10607"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10607"
},
{
"trust": 0.3,
"url": "http://martem.ee/"
},
{
"trust": 0.3,
"url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "VULHUB",
"id": "VHN-120383"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"db": "VULHUB",
"id": "VHN-120383"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-120383"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"date": "2018-07-31T17:29:00.327000",
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10590"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120383"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008779"
},
{
"date": "2021-06-23T14:21:44.137000",
"db": "NVD",
"id": "CVE-2018-10607"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM-GW6/GWM Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10590"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1161"
}
],
"trust": 0.8
}
}
VAR-201810-0086
Vulnerability from variot - Updated: 2023-12-18 13:13Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. Martem TELEM GW6/GWM Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MartemTELEMGW6/GWM are data processor products from Martem, Estonia. A security vulnerability exists in versions prior to MartemTELEMGW6/GWM2.0.87-4018403-k4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telem-gwm",
"scope": "lt",
"trust": 1.0,
"vendor": "martem",
"version": "2.0.87-4018403-k4"
},
{
"model": "telem-gw6",
"scope": "lt",
"trust": 1.0,
"vendor": "martem",
"version": "2.0.87-4018403-k4"
},
{
"model": "telem gw6",
"scope": "lt",
"trust": 0.8,
"vendor": "martem",
"version": "2.0.87-4018403-k4"
},
{
"model": "telem gwm",
"scope": "lt",
"trust": 0.8,
"vendor": "martem",
"version": "2.0.87-4018403-k4"
},
{
"model": "telem gw6/gwm \u003c2.0.87-4018403-k4",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gw6",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gwm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gw6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.87-4018403-k4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gw6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gwm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.0.87-4018403-k4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gwm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10605"
}
]
},
"cve": "CVE-2018-10605",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-10605",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-07031",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "1bbcf237-5eda-443e-ad18-33424687df2c",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10605",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10605",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-07031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. Martem TELEM GW6/GWM Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MartemTELEMGW6/GWM are data processor products from Martem, Estonia. A security vulnerability exists in versions prior to MartemTELEMGW6/GWM2.0.87-4018403-k4",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10605",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-142-01",
"trust": 2.4
},
{
"db": "CNVD",
"id": "CNVD-2019-07031",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915",
"trust": 0.8
},
{
"db": "IVD",
"id": "1BBCF237-5EDA-443E-AD18-33424687DF2C",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"id": "VAR-201810-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
}
]
},
"last_update_date": "2023-12-18T13:13:47.797000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA1805183",
"trust": 0.8,
"url": "https://martem.eu/csa/martem_csa_telem_1805183.pdf"
},
{
"title": "Patch for MartemTELEMGW6/GWM privilege vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/156129"
},
{
"title": "Martem TELEM GW6/GWM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86118"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
},
{
"trust": 1.6,
"url": "https://martem.eu/csa/martem_csa_telem_1805183.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10605"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-14T00:00:00",
"db": "IVD",
"id": "1bbcf237-5eda-443e-ad18-33424687df2c"
},
{
"date": "2019-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"date": "2018-10-01T16:29:00.440000",
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"date": "2018-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-07031"
},
{
"date": "2018-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010915"
},
{
"date": "2019-10-09T23:32:54.133000",
"db": "NVD",
"id": "CVE-2018-10605"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6/GWM Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010915"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-020"
}
],
"trust": 0.6
}
}
VAR-201807-0336
Vulnerability from variot - Updated: 2023-12-18 13:13Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. Martem TELEM GW6 and GWM There is an authentication vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. Martem GW6 2018.04.18-linux_4-01-601cb47 and earlier versions and GWM 2018.04.18-linux_4-01-601cb47 and earlier versions have an authorization problem vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0336",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telem-gwm",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem-gw6",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gw6",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "telem gw6",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gwm 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": "gw6 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gwm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gw6",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gwm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gwm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gw6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gw6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10603"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
],
"trust": 0.6
},
"cve": "CVE-2018-10603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10603",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10591",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f09801-39ab-11e9-8803-000c29342cb1",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-120379",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10603",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10603",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-10591",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-1160",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-120379",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "VULHUB",
"id": "VHN-120379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. Martem TELEM GW6 and GWM There is an authentication vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. Martem GW6 2018.04.18-linux_4-01-601cb47 and earlier versions and GWM 2018.04.18-linux_4-01-601cb47 and earlier versions have an authorization problem vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120379"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10603",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-142-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104286",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10591",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F09801-39AB-11E9-8803-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120379",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "VULHUB",
"id": "VHN-120379"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"id": "VAR-201807-0336",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "VULHUB",
"id": "VHN-120379"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
}
]
},
"last_update_date": "2023-12-18T13:13:47.682000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Telem-GW6",
"trust": 0.8,
"url": "https://www.martem.ee/telem-gw6/"
},
{
"title": "Martem GW6 and GWM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80637"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104286"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10603"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10603"
},
{
"trust": 0.3,
"url": "http://martem.ee/"
},
{
"trust": 0.3,
"url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
},
{
"trust": 0.3,
"url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "VULHUB",
"id": "VHN-120379"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"db": "VULHUB",
"id": "VHN-120379"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f09801-39ab-11e9-8803-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-120379"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"date": "2018-07-31T17:29:00.280000",
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10591"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120379"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008778"
},
{
"date": "2021-06-23T14:21:44.137000",
"db": "NVD",
"id": "CVE-2018-10603"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6 and GWM Authentication vulnerabilities in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008778"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1160"
}
],
"trust": 0.6
}
}
VAR-201807-0340
Vulnerability from variot - Updated: 2023-12-18 13:13Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. Martem TELEM GW6 and GWM The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. The vulnerability is caused by the program not filtering data correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telem-gwm",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem-gw6",
"scope": "lte",
"trust": 1.0,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gw6",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "lte",
"trust": 0.8,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
"scope": null,
"trust": 0.6,
"vendor": "martem",
"version": null
},
{
"model": "telem gw6",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "telem gwm",
"scope": "eq",
"trust": 0.6,
"vendor": "martem",
"version": "2018.04.18-linux_4-01-601cb47"
},
{
"model": "gwm 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": "gw6 2018.04.18-linux 4-0",
"scope": null,
"trust": 0.3,
"vendor": "martem",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gwm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telem gw6",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gwm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gwm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:martem:telem-gw6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2018.04.18-linux_4-01-601cb47",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:martem:telem-gw6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10609"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
],
"trust": 0.6
},
"cve": "CVE-2018-10609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-10609",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-10589",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-120385",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-10609",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10609",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10589",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-1162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120385",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "VULHUB",
"id": "VHN-120385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. Martem TELEM GW6 and GWM The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. The vulnerability is caused by the program not filtering data correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120385"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10609",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-142-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104286",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10589",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F070F0-39AB-11E9-841A-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120385",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "VULHUB",
"id": "VHN-120385"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"id": "VAR-201807-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "VULHUB",
"id": "VHN-120385"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
}
]
},
"last_update_date": "2023-12-18T13:13:47.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SA1805181",
"trust": 0.8,
"url": "https://martem.eu/csa/martem_csa_telem_1805181.pdf"
},
{
"title": "Martem GW6 and GWM Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80639"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120385"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104286"
},
{
"trust": 1.7,
"url": "http://martem.eu/csa/martem_csa_telem_1805181.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10609"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10609"
},
{
"trust": 0.3,
"url": "http://martem.ee/"
},
{
"trust": 0.3,
"url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
},
{
"trust": 0.3,
"url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "VULHUB",
"id": "VHN-120385"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"db": "VULHUB",
"id": "VHN-120385"
},
{
"db": "BID",
"id": "104286"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"date": "2018-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-120385"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"date": "2018-07-31T17:29:00.373000",
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"date": "2018-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10589"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120385"
},
{
"date": "2018-05-22T00:00:00",
"db": "BID",
"id": "104286"
},
{
"date": "2018-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008780"
},
{
"date": "2021-06-23T14:21:44.137000",
"db": "NVD",
"id": "CVE-2018-10609"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martem TELEM-GW6/GWM Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-1162"
}
],
"trust": 0.6
}
}
CVE-2018-10603 (GCVE-0-2018-10603)
Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-17 00:21
VLAI?
Summary
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TELEM GW6",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
},
{
"product": "TELEM GWM",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TELEM GW6",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
},
{
"product_name": "TELEM GWM",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name": "Martem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10603",
"datePublished": "2018-07-31T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T00:21:23.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10607 (GCVE-0-2018-10607)
Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-16 21:57
VLAI?
Summary
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
Severity ?
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TELEM GW6",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
},
{
"product": "TELEM GWM",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TELEM GW6",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
},
{
"product_name": "TELEM GWM",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name": "Martem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf",
"refsource": "CONFIRM",
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10607",
"datePublished": "2018-07-31T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T21:57:37.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10603 (GCVE-0-2018-10603)
Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-17 00:21
VLAI?
Summary
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TELEM GW6",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
},
{
"product": "TELEM GWM",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TELEM GW6",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
},
{
"product_name": "TELEM GWM",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name": "Martem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "104286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10603",
"datePublished": "2018-07-31T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-17T00:21:23.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10607 (GCVE-0-2018-10607)
Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-16 21:57
VLAI?
Summary
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
Severity ?
No CVSS data available.
CWE
- CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TELEM GW6",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
},
{
"product": "TELEM GWM",
"vendor": "Martem",
"versions": [
{
"status": "affected",
"version": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
],
"datePublic": "2018-05-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-01T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104286"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TELEM GW6",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
},
{
"product_name": "TELEM GWM",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name": "Martem"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf",
"refsource": "CONFIRM",
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
},
{
"name": "104286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104286"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10607",
"datePublished": "2018-07-31T17:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2024-09-16T21:57:37.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}