Vulnerability-Lookup

CVE-2018-17923 (GCVE-0-2018-17923)

Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-16 16:27

Summary

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

Severity

No CVSS data available.

CWE

CWE-287 - IMPROPER AUTHENTICATION CWE-287

Assigner

icscert

References

2 references

URL	Tags
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02	x_refsource_MISC
http://www.securityfocus.com/bid/105729	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
GAIN Electronic Co. Ltd	SAGA1-L8B	Affected: All firmware versions prior to A0.10

Date Public

2018-10-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T11:01:14.763Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
          },
          {
            "name": "105729",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105729"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAGA1-L8B",
          "vendor": "GAIN Electronic Co. Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "All firmware versions prior to A0.10"
            }
          ]
        }
      ],
      "datePublic": "2018-10-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "IMPROPER AUTHENTICATION CWE-287",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-26T09:57:01.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
        },
        {
          "name": "105729",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105729"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2018-10-23T00:00:00",
          "ID": "CVE-2018-17923",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAGA1-L8B",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All firmware versions prior to A0.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "GAIN Electronic Co. Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER AUTHENTICATION CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-17923",
    "datePublished": "2018-10-24T22:00:00.000Z",
    "dateReserved": "2018-10-02T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:27:58.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-17923",
      "date": "2026-05-26",
      "epss": "0.00066",
      "percentile": "0.20382"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"a0.10\", \"matchCriteriaId\": \"09F0FB47-A0F7-42F7-B7B4-AF1A7B2EB9D2\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1B937E7-9876-4EC6-8405-CA1A48458CFB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.\"}, {\"lang\": \"es\", \"value\": \"SAGA1-L8B con cualquier versi\\u00f3n de firmware anterior a la A0.10 es vulnerable a un ataque que podr\\u00eda permitir que un atacante con acceso f\\u00edsico al producto lo reprograme.\"}]",
      "id": "CVE-2018-17923",
      "lastModified": "2024-11-21T03:55:12.953",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"PHYSICAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 0.3, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-10-24T22:29:01.150",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105729\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/105729\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-17923\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-10-24T22:29:01.150\",\"lastModified\":\"2024-11-21T03:55:12.953\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.\"},{\"lang\":\"es\",\"value\":\"SAGA1-L8B con cualquier versi\u00f3n de firmware anterior a la A0.10 es vulnerable a un ataque que podr\u00eda permitir que un atacante con acceso f\u00edsico al producto lo reprograme.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.3,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"a0.10\",\"matchCriteriaId\":\"09F0FB47-A0F7-42F7-B7B4-AF1A7B2EB9D2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B937E7-9876-4EC6-8405-CA1A48458CFB\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105729\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/105729\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CNVD-2018-22092

Vulnerability from cnvd - Published: 2018-10-29

Title

GAIN Electronic Co. Ltd SAGA1-L Series不正确的认证漏洞

Description

GAIN SAGA1-L Series是GAIN Electronic公司的一款SAGA1-L系列的工业遥控器产品。使用A0.10之前版本固件的GAIN SAGA1-L Series产品中存在安全漏洞。物理位置接近的攻击者可利用该漏洞对产品重新编程。

Severity

中

Patch Name

GAIN Electronic Co. Ltd SAGA1-L Series不正确的认证漏洞的补丁

Patch Description

GAIN SAGA1-L Series是GAIN Electronic公司的一款SAGA1-L系列的工业遥控器产品。使用A0.10之前版本固件的GAIN SAGA1-L Series产品中存在安全漏洞。物理位置接近的攻击者可利用该漏洞对产品重新编程。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.sagaradio.com.tw/

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02

Impacted products

Name
GAIN Electronic SAGA1-L series <=A0.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-17923"
    }
  },
  "description": "GAIN SAGA1-L Series\u662fGAIN Electronic\u516c\u53f8\u7684\u4e00\u6b3eSAGA1-L\u7cfb\u5217\u7684\u5de5\u4e1a\u9065\u63a7\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528A0.10\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684GAIN SAGA1-L Series\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u63a5\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u4ea7\u54c1\u91cd\u65b0\u7f16\u7a0b\u3002",
  "discovererName": "Marco Balduzzi\uff0cPhilippe Z Lin\uff0cFederico Maggi\uff0cJonathan Andersson\uff0cUrano Akira\uff0cStephen Hilt\u548cRainer Vosseler\u4e0e\u8d8b\u52bf\u79d1\u6280\u7684Zero Day Initiative",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.sagaradio.com.tw/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-22092",
  "openTime": "2018-10-29",
  "patchDescription": "GAIN SAGA1-L Series\u662fGAIN Electronic\u516c\u53f8\u7684\u4e00\u6b3eSAGA1-L\u7cfb\u5217\u7684\u5de5\u4e1a\u9065\u63a7\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528A0.10\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684GAIN SAGA1-L Series\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7269\u7406\u4f4d\u7f6e\u63a5\u8fd1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u4ea7\u54c1\u91cd\u65b0\u7f16\u7a0b\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GAIN Electronic Co. Ltd SAGA1-L Series\u4e0d\u6b63\u786e\u7684\u8ba4\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GAIN Electronic SAGA1-L series \u003c=A0.10"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
  "serverity": "\u4e2d",
  "submitTime": "2018-10-24",
  "title": "GAIN Electronic Co. Ltd SAGA1-L Series\u4e0d\u6b63\u786e\u7684\u8ba4\u8bc1\u6f0f\u6d1e"
}

FKIE_CVE-2018-17923

Vulnerability from fkie_nvd - Published: 2018-10-24 22:29 - Updated: 2024-11-21 03:55

Severity

6.9 (Medium) - CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Summary

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/105729	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105729	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	sagaradio	saga1-l8b_firmware	*
	sagaradio	saga1-l8b	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F0FB47-A0F7-42F7-B7B4-AF1A7B2EB9D2",
              "versionEndExcluding": "a0.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B937E7-9876-4EC6-8405-CA1A48458CFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
    },
    {
      "lang": "es",
      "value": "SAGA1-L8B con cualquier versi\u00f3n de firmware anterior a la A0.10 es vulnerable a un ataque que podr\u00eda permitir que un atacante con acceso f\u00edsico al producto lo reprograme."
    }
  ],
  "id": "CVE-2018-17923",
  "lastModified": "2024-11-21T03:55:12.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.3,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-24T22:29:01.150",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105729"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105729"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JQXV-HGP2-XF9P

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33

Details

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

Severity

6.9 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-17923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-10-24T22:29:00Z",
    "severity": "MODERATE"
  },
  "details": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.",
  "id": "GHSA-jqxv-hgp2-xf9p",
  "modified": "2022-05-13T01:33:46Z",
  "published": "2022-05-13T01:33:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17923"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-17923

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

Aliases

CVE-2018-17923

Aliases

CVE-2018-17923

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-17923",
    "description": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.",
    "id": "GSD-2018-17923"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-17923"
      ],
      "details": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.",
      "id": "GSD-2018-17923",
      "modified": "2023-12-13T01:22:30.965953Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-10-23T00:00:00",
        "ID": "CVE-2018-17923",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAGA1-L8B",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All firmware versions prior to A0.10"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "GAIN Electronic Co. Ltd"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "IMPROPER AUTHENTICATION CWE-287"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
          },
          {
            "name": "105729",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105729"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "a0.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-17923"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.3,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2019-10-09T23:37Z",
      "publishedDate": "2018-10-24T22:29Z"
    }
  }
}

ICSA-18-296-02

Vulnerability from csaf_cisa - Published: 2018-10-23 00:00 - Updated: 2018-10-23 00:00

Summary

GAIN Electronic Co. Ltd SAGA1-L Series

Notes

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of these vulnerabilities could allow remote code execution and potentially delete the product 's firmware.

Critical infrastructure sectors: Communications

Countries/areas deployed: United States

Company headquarters location: Taiwan

Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should ensure the product is in a physically secure area.

Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices: NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability: No known public exploits specifically target these vulnerabilities.

CVE-2018-17903

8.3 (High)


                        
                          CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CWE-294 - Authentication Bypass by Capture-replay

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SAGA1-L8B: all versions prior to A0.10 GAIN Electronic Co. Ltd / SAGA1-L8B		< A0.10	Mitigation

CVE-2018-17921

7.5 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SAGA1-L8B: all versions prior to A0.10 GAIN Electronic Co. Ltd / SAGA1-L8B		< A0.10	Mitigation

CVE-2018-17923

6.1 (Medium)


                        
                          CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
SAGA1-L8B: all versions prior to A0.10 GAIN Electronic Co. Ltd / SAGA1-L8B		< A0.10	Mitigation

References

11 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-advisories/i…	self
https://www.cisa.gov/news-events/ics-advisories/i…	external
https://www.cisa.gov/uscert/sites/default/files/r…	external
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external

Acknowledgments

Trend Micro 's Zero Day Initiative Marco Balduzzi Philippe Z Lin Federico Maggi Jonathan Andersson Urano Akira Stephen Hilt Rainer Vosseler

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Marco Balduzzi",
          "Philippe Z Lin",
          "Federico Maggi",
          "Jonathan Andersson",
          "Urano Akira",
          "Stephen Hilt",
          "Rainer Vosseler"
        ],
        "organization": "Trend Micro \u0027s Zero Day Initiative",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow remote code execution and potentially delete the product \u0027s firmware.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Communications",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Taiwan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should ensure the product is in a physically secure area.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-296-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-296-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-296-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-296-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-296-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "GAIN Electronic Co. Ltd SAGA1-L Series",
    "tracking": {
      "current_release_date": "2018-10-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-296-02",
      "initial_release_date": "2018-10-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-10-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-296-02 GAIN Electronic Co. Ltd SAGA1-L Series"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c A0.10",
                "product": {
                  "name": "SAGA1-L8B: all versions prior to A0.10",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SAGA1-L8B"
          }
        ],
        "category": "vendor",
        "name": "GAIN Electronic Co. Ltd"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-17903",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This product is vulnerable to a replay attack and command forgery.CVE-2018-17903 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17903"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The new firmware can be obtained through a distributor.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17921",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability may allow an attacker to force-pair the device without human interaction.CVE-2018-17921 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17921"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The new firmware can be obtained through a distributor.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-17923",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with physical access to the product may able to reprogram it.CVE-2018-17923 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17923"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "GAIN Electronic Co. Ltd has recommended that users update to firmware version A0.10. The new firmware can be obtained through a distributor.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-201810-0463

Vulnerability from variot - Updated: 2023-12-18 12:01

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. SAGA1-L8B There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device programming mechanism. The device is insufficiently protected from unauthorized firmware updates. An attacker can leverage this vulnerability to bypass authentication and install persistent malicious firmware on the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An local-authentication bypass vulnerability 3

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0463",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "saga1-l8b",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "sagaradio",
        "version": "a0.10"
      },
      {
        "model": "saga1-l8b",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "gain electronic",
        "version": "a0.10"
      },
      {
        "model": "saga1-l8b",
        "scope": null,
        "trust": 0.7,
        "vendor": "saga",
        "version": null
      },
      {
        "model": "electronic saga1-l series \u003c=a0.10",
        "scope": null,
        "trust": 0.6,
        "vendor": "gain",
        "version": null
      },
      {
        "model": "electronic saga1-l series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gain",
        "version": "0"
      },
      {
        "model": "electronic saga1-l series a0.10",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "gain",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "saga1 l8b",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "BID",
        "id": "105729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "a0.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-17923",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2018-17923",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2018-22092",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.2,
            "id": "7d825c10-463f-11e9-b3f6-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.3,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-17923",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "ZDI",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.2,
            "id": "CVE-2018-17923",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 0.7,
            "userInteraction": "NONE",
            "vectorString": "AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-17923",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-17923",
            "trust": 0.7,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-22092",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201810-1208",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d825c10-463f-11e9-b3f6-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. SAGA1-L8B There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device programming mechanism. The device is insufficiently protected from unauthorized firmware updates. An attacker can leverage this vulnerability to bypass authentication and install persistent malicious firmware on the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:\n1. An local-authentication bypass vulnerability\n3",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "BID",
        "id": "105729"
      },
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      }
    ],
    "trust": 3.24
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-17923",
        "trust": 4.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-296-02",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "105729",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-6542",
        "trust": 0.7
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318",
        "trust": 0.7
      },
      {
        "db": "IVD",
        "id": "7D825C10-463F-11E9-B3F6-000C29342CB1",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "BID",
        "id": "105729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "id": "VAR-201810-0463",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      }
    ],
    "trust": 1.675
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS",
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      },
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:01:12.776000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAGA1-L6B \u0026 L8B",
        "trust": 0.8,
        "url": "http://www.sagaradio.com.tw/saga1-l6b.html"
      },
      {
        "title": "SAGA has issued an update to correct this vulnerability.",
        "trust": 0.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
      },
      {
        "title": "GAINElectronicCo.LtdSAGA1-LSeries patch for incorrect authentication vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/143425"
      },
      {
        "title": "GAIN SAGA1-L Series Product Authorization Issue Vulnerability Fixing Measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86296"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/105729"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17923"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17923"
      },
      {
        "trust": 0.3,
        "url": "http://www.sagaradio.com.tw/about.html"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "BID",
        "id": "105729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "db": "BID",
        "id": "105729"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-29T00:00:00",
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "date": "2018-10-25T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "date": "2018-10-29T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "date": "2018-10-23T00:00:00",
        "db": "BID",
        "id": "105729"
      },
      {
        "date": "2019-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "date": "2018-10-24T22:29:01.150000",
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "date": "2018-10-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-25T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-1318"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      },
      {
        "date": "2018-10-23T00:00:00",
        "db": "BID",
        "id": "105729"
      },
      {
        "date": "2019-02-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013642"
      },
      {
        "date": "2019-10-09T23:37:04.113000",
        "db": "NVD",
        "id": "CVE-2018-17923"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "GAIN Electronic Co. Ltd SAGA1-L Series Incorrect authentication vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-22092"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201810-1208"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-17923 (GCVE-0-2018-17923)

CNVD-2018-22092

FKIE_CVE-2018-17923

GHSA-JQXV-HGP2-XF9P

GSD-2018-17923

ICSA-18-296-02

VAR-201810-0463

Tags

Sightings

Nomenclature