cvelistv5 - cve-2018-7803

CVE-2018-7803 (GCVE-0-2018-7803)

Vulnerability from cvelistv5 – Published: 2019-05-22 20:08 – Updated: 2024-08-05 06:37

Summary

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.

Severity ?

No CVSS data available.

CWE

Improper Check for Unusual or Exceptional Conditions

Assigner

schneider

References

URL

Tags

https://www.schneider-electric.com/ww/en/download…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Triconex TriStation Emulator V1.2.0	Affected: Triconex TriStation Emulator V1.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.619Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Triconex TriStation Emulator V1.2.0",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Triconex TriStation Emulator V1.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T20:08:29",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Triconex TriStation Emulator V1.2.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Triconex TriStation Emulator V1.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03",
              "refsource": "MISC",
              "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7803",
    "datePublished": "2019-05-22T20:08:29",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.619Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.\"}, {\"lang\": \"es\", \"value\": \"Una CWE-754: Existe una vulnerabilidad de Comprobaci\\u00f3n Inapropiada  para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\\u00f3gica de aplicaci\\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta.\"}]",
      "id": "CVE-2018-7803",
      "lastModified": "2024-11-21T04:12:45.917",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-22T21:29:00.277",
      "references": "[{\"url\": \"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7803\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2019-05-22T21:29:00.277\",\"lastModified\":\"2024-11-21T04:12:45.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.\"},{\"lang\":\"es\",\"value\":\"Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada  para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\u00f3gica de aplicaci\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2018-7803

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7803

Aliases

CVE-2018-7803

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7803",
    "description": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.",
    "id": "GSD-2018-7803"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7803"
      ],
      "details": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.",
      "id": "GSD-2018-7803",
      "modified": "2023-12-13T01:22:32.380781Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2018-7803",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Triconex TriStation Emulator V1.2.0",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Triconex TriStation Emulator V1.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Check for Unusual or Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03",
            "refsource": "MISC",
            "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7803"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-05-22T21:29Z"
    }
  }
}

CNVD-2019-15890

Vulnerability from cnvd - Published: 2019-05-30

Title

Schneider Electric Triconex TriStation Emulator拒绝服务漏洞

Description

Schneider Electric Triconex TriStation Emulator是一款Triconex仿真模拟器。 Schneider Electric Triconex TriStation Emulator处理特殊报文漏洞，允许远程攻击者利用漏洞提交特殊的请求，可进行拒绝服务攻击。

Severity

中

Patch Name

Schneider Electric Triconex TriStation Emulator拒绝服务漏洞的补丁

Patch Description

Schneider Electric Triconex TriStation Emulator是一款Triconex仿真模拟器。 Schneider Electric Triconex TriStation Emulator处理特殊报文漏洞，允许远程攻击者利用漏洞提交特殊的请求，可进行拒绝服务攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://www.schneider-electric.com/

Reference

https://web.nvd.nist.gov//vuln/detail/CVE-2018-7803

Impacted products

Name
Schneider Electric Triconex TriStation Emulator V1.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7803",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7803"
    }
  },
  "description": "Schneider Electric Triconex TriStation Emulator\u662f\u4e00\u6b3eTriconex\u4eff\u771f\u6a21\u62df\u5668\u3002\n\nSchneider Electric Triconex TriStation Emulator\u5904\u7406\u7279\u6b8a\u62a5\u6587\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Schneider Electric",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://www.schneider-electric.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-15890",
  "openTime": "2019-05-30",
  "patchDescription": "Schneider Electric Triconex TriStation Emulator\u662f\u4e00\u6b3eTriconex\u4eff\u771f\u6a21\u62df\u5668\u3002\r\n\r\nSchneider Electric Triconex TriStation Emulator\u5904\u7406\u7279\u6b8a\u62a5\u6587\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric Triconex TriStation Emulator\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "Schneider Electric Triconex TriStation Emulator V1.2.0"
  },
  "referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2018-7803",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-22",
  "title": "Schneider Electric Triconex TriStation Emulator\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2018-7803

Vulnerability from fkie_nvd - Published: 2019-05-22 21:29 - Updated: 2024-11-21 04:12

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03	Vendor Advisory

Impacted products

	Vendor	Product	Version
	schneider-electric	triconex_tristation_emulator	1.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."
    },
    {
      "lang": "es",
      "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada  para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\u00f3gica de aplicaci\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta."
    }
  ],
  "id": "CVE-2018-7803",
  "lastModified": "2024-11-21T04:12:45.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T21:29:00.277",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-GXXV-QG6G-737Q

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2024-04-04 00:43

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7803"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.",
  "id": "GHSA-gxxv-qg6g-737q",
  "modified": "2024-04-04T00:43:17Z",
  "published": "2022-05-24T16:46:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7803"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2019-AVI-553

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Conext Control toutes versions
EcoStruxure Substation Operation Gateway, anciennement PACiS Gateway, versions antérieures à 3.606.100.600.1
Triconex TriStation Emulator Version 1.2.0
Toutes les variantes de EGX100:
- EGX100SD
- EGX100MG
- EGX100SQD
- EGX100SDR
- EGX100M
- EGX100MGAA
- EGX100MGBA
- EGX100MGBB
- EGX100MGBC
Toutes les variantes de ECI850:
- ECI850
- ECI850MG
ConneXium Industrial Firewall/Router:
- TCSEFEC2CF3F21 (MM/TX) versions antérieures à V5.33
- TCSEFEC23FCF21 (TX/MM) versions antérieures à V5.33
- TCSEFEC23F3F21 (TX/TX) versions antérieures à V5.33
- Easergy Micom C264 versions antérieures à D5.24 – C264 D5.X, 1.79 – C264 D1.X et D4.25 – C264 D4.X
Modicon X80 modules d'I/O:
- Modicon M580 IEC 61850 module
- Modicon Network Option Switch
- Modicon X80 - I/O Drop Adapters
- Modicon X80 - BMEAHI0812 HART Analog Input Module
Modicon Momentum Unity
Modicon Quantum 140 CRA
Modicon Quantum Head 140 CRP
Modicon Quantum 140 NOP Communications Module

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SESB-2019-214-01 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-134-07 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-193-02 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-071-03 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-267-01 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-193-01 du 12 novembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eConext Control toutes versions\u003c/li\u003e \u003cli\u003eEcoStruxure Substation Operation Gateway, anciennement PACiS Gateway, versions ant\u00e9rieures \u00e0 3.606.100.600.1\u003c/li\u003e \u003cli\u003eTriconex TriStation Emulator Version 1.2.0\u003c/li\u003e \u003cli\u003eToutes les variantes de EGX100: \u003cul\u003e \u003cli\u003eEGX100SD\u003c/li\u003e \u003cli\u003eEGX100MG\u003c/li\u003e \u003cli\u003eEGX100SQD\u003c/li\u003e \u003cli\u003eEGX100SDR\u003c/li\u003e \u003cli\u003eEGX100M\u003c/li\u003e \u003cli\u003eEGX100MGAA\u003c/li\u003e \u003cli\u003eEGX100MGBA\u003c/li\u003e \u003cli\u003eEGX100MGBB\u003c/li\u003e \u003cli\u003eEGX100MGBC\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eToutes les variantes de ECI850: \u003cul\u003e \u003cli\u003eECI850\u003c/li\u003e \u003cli\u003eECI850MG\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eConneXium Industrial Firewall/Router: \u003cul\u003e \u003cli\u003eTCSEFEC2CF3F21 (MM/TX) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eTCSEFEC23FCF21 (TX/MM) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eTCSEFEC23F3F21 (TX/TX) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eEasergy Micom C264 versions ant\u00e9rieures \u00e0 D5.24 \u2013 C264 D5.X, 1.79 \u2013 C264 D1.X et D4.25 \u2013 C264 D4.X\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eModicon X80 modules d\u0027I/O: \u003cul\u003e \u003cli\u003eModicon M580 IEC 61850 module\u003c/li\u003e \u003cli\u003eModicon Network Option Switch\u003c/li\u003e \u003cli\u003eModicon X80 - I/O Drop Adapters\u003c/li\u003e \u003cli\u003eModicon X80 - BMEAHI0812 HART Analog Input Module\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eModicon Momentum Unity\u003c/li\u003e \u003cli\u003eModicon Quantum 140 CRA\u003c/li\u003e \u003cli\u003eModicon Quantum Head 140 CRP\u003c/li\u003e \u003cli\u003eModicon Quantum 140 NOP Communications Module\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-7803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7803"
    },
    {
      "name": "CVE-2019-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1182"
    },
    {
      "name": "CVE-2019-1222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1222"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-1224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1224"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-1226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1226"
    },
    {
      "name": "CVE-2019-1223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1223"
    },
    {
      "name": "CVE-2019-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1225"
    },
    {
      "name": "CVE-2019-1181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1181"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2018-7834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7834"
    },
    {
      "name": "CVE-2019-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-553",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SESB-2019-214-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SESB-2019-214-01-Wind_River_VxWorks_Security_Bulletin_V2.2.pdf\u0026p_Doc_Ref=SESB-2019-214-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-07 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-07_ConneXium_and_PowerLogic_Gateway_V2.pdf\u0026p_Doc_Ref=SEVD-2019-134-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-02 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-193-02_MicrosoftRDS-Product_InformationV1.4.pdf\u0026p_Doc_Ref=SEVD-2019-193-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-071-03 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-071-03-TriStation_Emulator_V2.pdf\u0026p_Doc_Ref=SEVD-2019-071-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-267-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-267-01_MicrosoftRDS-DejaBlue-Product_InformationV1.1.pdf\u0026p_Doc_Ref=SEVD-2019-267-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-193-01_IntelMDS-Product_InformationV1.3.pdf\u0026p_Doc_Ref=SEVD-2019-193-01"
    }
  ]
}

CERTFR-2019-AVI-553

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Conext Control toutes versions
EcoStruxure Substation Operation Gateway, anciennement PACiS Gateway, versions antérieures à 3.606.100.600.1
Triconex TriStation Emulator Version 1.2.0
Toutes les variantes de EGX100:
- EGX100SD
- EGX100MG
- EGX100SQD
- EGX100SDR
- EGX100M
- EGX100MGAA
- EGX100MGBA
- EGX100MGBB
- EGX100MGBC
Toutes les variantes de ECI850:
- ECI850
- ECI850MG
ConneXium Industrial Firewall/Router:
- TCSEFEC2CF3F21 (MM/TX) versions antérieures à V5.33
- TCSEFEC23FCF21 (TX/MM) versions antérieures à V5.33
- TCSEFEC23F3F21 (TX/TX) versions antérieures à V5.33
- Easergy Micom C264 versions antérieures à D5.24 – C264 D5.X, 1.79 – C264 D1.X et D4.25 – C264 D4.X
Modicon X80 modules d'I/O:
- Modicon M580 IEC 61850 module
- Modicon Network Option Switch
- Modicon X80 - I/O Drop Adapters
- Modicon X80 - BMEAHI0812 HART Analog Input Module
Modicon Momentum Unity
Modicon Quantum 140 CRA
Modicon Quantum Head 140 CRP
Modicon Quantum 140 NOP Communications Module

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SESB-2019-214-01 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-134-07 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-193-02 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-071-03 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-267-01 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-193-01 du 12 novembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eConext Control toutes versions\u003c/li\u003e \u003cli\u003eEcoStruxure Substation Operation Gateway, anciennement PACiS Gateway, versions ant\u00e9rieures \u00e0 3.606.100.600.1\u003c/li\u003e \u003cli\u003eTriconex TriStation Emulator Version 1.2.0\u003c/li\u003e \u003cli\u003eToutes les variantes de EGX100: \u003cul\u003e \u003cli\u003eEGX100SD\u003c/li\u003e \u003cli\u003eEGX100MG\u003c/li\u003e \u003cli\u003eEGX100SQD\u003c/li\u003e \u003cli\u003eEGX100SDR\u003c/li\u003e \u003cli\u003eEGX100M\u003c/li\u003e \u003cli\u003eEGX100MGAA\u003c/li\u003e \u003cli\u003eEGX100MGBA\u003c/li\u003e \u003cli\u003eEGX100MGBB\u003c/li\u003e \u003cli\u003eEGX100MGBC\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eToutes les variantes de ECI850: \u003cul\u003e \u003cli\u003eECI850\u003c/li\u003e \u003cli\u003eECI850MG\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eConneXium Industrial Firewall/Router: \u003cul\u003e \u003cli\u003eTCSEFEC2CF3F21 (MM/TX) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eTCSEFEC23FCF21 (TX/MM) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eTCSEFEC23F3F21 (TX/TX) versions ant\u00e9rieures \u00e0 V5.33\u003c/li\u003e \u003cli\u003eEasergy Micom C264 versions ant\u00e9rieures \u00e0 D5.24 \u2013 C264 D5.X, 1.79 \u2013 C264 D1.X et D4.25 \u2013 C264 D4.X\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eModicon X80 modules d\u0027I/O: \u003cul\u003e \u003cli\u003eModicon M580 IEC 61850 module\u003c/li\u003e \u003cli\u003eModicon Network Option Switch\u003c/li\u003e \u003cli\u003eModicon X80 - I/O Drop Adapters\u003c/li\u003e \u003cli\u003eModicon X80 - BMEAHI0812 HART Analog Input Module\u003c/li\u003e \u003c/ul\u003e \u003c/li\u003e \u003cli\u003eModicon Momentum Unity\u003c/li\u003e \u003cli\u003eModicon Quantum 140 CRA\u003c/li\u003e \u003cli\u003eModicon Quantum Head 140 CRP\u003c/li\u003e \u003cli\u003eModicon Quantum 140 NOP Communications Module\u003c/li\u003e \u003c/ul\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-7803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7803"
    },
    {
      "name": "CVE-2019-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1182"
    },
    {
      "name": "CVE-2019-1222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1222"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-1224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1224"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-1226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1226"
    },
    {
      "name": "CVE-2019-1223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1223"
    },
    {
      "name": "CVE-2019-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1225"
    },
    {
      "name": "CVE-2019-1181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1181"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2018-7834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7834"
    },
    {
      "name": "CVE-2019-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0708"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-553",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SESB-2019-214-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SESB-2019-214-01-Wind_River_VxWorks_Security_Bulletin_V2.2.pdf\u0026p_Doc_Ref=SESB-2019-214-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-07 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-07_ConneXium_and_PowerLogic_Gateway_V2.pdf\u0026p_Doc_Ref=SEVD-2019-134-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-02 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-193-02_MicrosoftRDS-Product_InformationV1.4.pdf\u0026p_Doc_Ref=SEVD-2019-193-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-071-03 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-071-03-TriStation_Emulator_V2.pdf\u0026p_Doc_Ref=SEVD-2019-071-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-267-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-267-01_MicrosoftRDS-DejaBlue-Product_InformationV1.1.pdf\u0026p_Doc_Ref=SEVD-2019-267-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-01 du 12 novembre 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-193-01_IntelMDS-Product_InformationV1.3.pdf\u0026p_Doc_Ref=SEVD-2019-193-01"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7803 (GCVE-0-2018-7803)

GSD-2018-7803

CNVD-2019-15890

FKIE_CVE-2018-7803

GHSA-GXXV-QG6G-737Q

CERTFR-2019-AVI-553

Solution

CERTFR-2019-AVI-553

Solution

Tags

Sightings

Nomenclature