cvelistv5 - cve-2018-7824

CVE-2018-7824 (GCVE-0-2018-7824)

Vulnerability from cvelistv5 – Published: 2019-05-22 19:27 – Updated: 2024-08-05 06:37

Summary

Severity ?

No CVSS data available.

CWE

CWE-610 - Externally Controlled Reference to a Resource (CWE-610)

Assigner

schneider

References

URL

Tags

https://www.schneider-electric.com/en/download/do…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Schneider	Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior)	Affected: Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior Affected: For 32-bit Windows OS:V2.17 IE 27 and prior Affected: and as part of the Driver Suite version:V14.12 and prior)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:37:59.163Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior)",
          "vendor": "Schneider",
          "versions": [
            {
              "status": "affected",
              "version": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior"
            },
            {
              "status": "affected",
              "version": "For 32-bit Windows OS:V2.17 IE 27 and prior"
            },
            {
              "status": "affected",
              "version": "and as part of the Driver Suite version:V14.12 and prior)"
            }
          ]
        }
      ],
      "datePublic": "2019-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-610",
              "description": "Externally Controlled Reference to a Resource (CWE-610)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-22T19:27:44",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7824",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior"
                          },
                          {
                            "version_value": "For 32-bit Windows OS:V2.17 IE 27 and prior"
                          },
                          {
                            "version_value": "and as part of the Driver Suite version:V14.12 and prior)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Schneider"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Externally Controlled Reference to a Resource (CWE-610)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2018-7824",
    "datePublished": "2019-05-22T19:27:44",
    "dateReserved": "2018-03-08T00:00:00",
    "dateUpdated": "2024-08-05T06:37:59.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.17\", \"matchCriteriaId\": \"D7535403-6248-47E9-A381-65680E269E6B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"82132539-3C34-4B63-BE2A-F51077D8BC5A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.17\", \"matchCriteriaId\": \"203AD4F6-98F6-421B-8037-547FD7882228\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*\", \"matchCriteriaId\": \"60366048-32FE-4081-A852-04319FD7A52C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"14.12\", \"matchCriteriaId\": \"4FE70BFB-F058-4D31-9558-B96DC0B8EFAB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de tipo referencias a recurso controlado externamente (CWE-610) en Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 y anterior, para Windows 32-bit OS:V2.17 IE 27 y anterior, y como parte del Driver Suite versi\\u00f3n:V14.12 y anterior), que podr\\u00eda permitir el acceso de escritura a los archivos del sistema disponibles solo para usuarios con privilegio SYSTEM u otros archivos de usuarios importantes.\"}]",
      "id": "CVE-2018-7824",
      "lastModified": "2024-11-21T04:12:47.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:C/A:N\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-05-22T20:29:01.150",
      "references": "[{\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/\", \"source\": \"cybersecurity@se.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cybersecurity@se.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cybersecurity@se.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-610\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-610\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-7824\",\"sourceIdentifier\":\"cybersecurity@se.com\",\"published\":\"2019-05-22T20:29:01.150\",\"lastModified\":\"2024-11-21T04:12:47.890\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de tipo referencias a recurso controlado externamente (CWE-610) en Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 y anterior, para Windows 32-bit OS:V2.17 IE 27 y anterior, y como parte del Driver Suite versi\u00f3n:V14.12 y anterior), que podr\u00eda permitir el acceso de escritura a los archivos del sistema disponibles solo para usuarios con privilegio SYSTEM u otros archivos de usuarios importantes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:C/A:N\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cybersecurity@se.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-610\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-610\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.17\",\"matchCriteriaId\":\"D7535403-6248-47E9-A381-65680E269E6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"82132539-3C34-4B63-BE2A-F51077D8BC5A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.17\",\"matchCriteriaId\":\"203AD4F6-98F6-421B-8037-547FD7882228\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"60366048-32FE-4081-A852-04319FD7A52C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"14.12\",\"matchCriteriaId\":\"4FE70BFB-F058-4D31-9558-B96DC0B8EFAB\"}]}]}],\"references\":[{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/\",\"source\":\"cybersecurity@se.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-R578-GC8Q-V9WW

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2022-05-24 16:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-7824"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-22T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.",
  "id": "GHSA-r578-gc8q-v9ww",
  "modified": "2022-05-24T16:46:12Z",
  "published": "2022-05-24T16:46:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7824"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201905-1026

Vulnerability from variot - Updated: 2023-12-18 12:43

An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Schneider Electric Modbus Serial Driver Contains a resource exhaustion vulnerability.Information may be tampered with. An attacker could exploit this vulnerability to perform write operations to system files or other important user files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201905-1026",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "modbus serial driver",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "2.17"
      },
      {
        "model": "modbus serial driver",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "3.17"
      },
      {
        "model": "driver suite",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "schneider electric",
        "version": "14.12"
      },
      {
        "model": "driver suite",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "v14.12"
      },
      {
        "model": "modbus serial driver",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "2.17 ie 27   (32-bit windows os)"
      },
      {
        "model": "modbus serial driver",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "schneider electric",
        "version": "3.17 ie 37   (64-bit windows os)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      }
    ]
  },
  "cve": "CVE-2018-7824",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7824",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-137856",
            "impactScore": 6.9,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.2,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-7824",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-7824",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201905-908",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-137856",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. Schneider Electric Modbus Serial Driver Contains a resource exhaustion vulnerability.Information may be tampered with. An attacker could exploit this vulnerability to perform write operations to system files or other important user files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-7824",
        "trust": 2.5
      },
      {
        "db": "SCHNEIDER",
        "id": "SEVD-2019-099-01",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-137856",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "id": "VAR-201905-1026",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:43:28.334000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SEVD-2019-099-01",
        "trust": 0.8,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-099-01/"
      },
      {
        "title": "Schneider Electric Modbus Serial Driver Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92886"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-610",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-400",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.schneider-electric.com/en/download/document/sevd-2019-099-01/"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7824"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7824"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "date": "2019-05-22T20:29:01.150000",
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "date": "2019-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-137856"
      },
      {
        "date": "2019-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      },
      {
        "date": "2020-09-29T00:31:09.333000",
        "db": "NVD",
        "id": "CVE-2018-7824"
      },
      {
        "date": "2020-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Modbus Serial Driver Vulnerable to resource exhaustion",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015517"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201905-908"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2018-7824

Vulnerability from fkie_nvd - Published: 2019-05-22 20:29 - Updated: 2024-11-21 04:12

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	cybersecurity@se.com	https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
schneider-electric	modbus_serial_driver	*
microsoft	windows	-
schneider-electric	modbus_serial_driver	*
microsoft	windows	-
schneider-electric	driver_suite	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7535403-6248-47E9-A381-65680E269E6B",
              "versionEndIncluding": "3.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "203AD4F6-98F6-421B-8037-547FD7882228",
              "versionEndIncluding": "2.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FE70BFB-F058-4D31-9558-B96DC0B8EFAB",
              "versionEndIncluding": "14.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de tipo referencias a recurso controlado externamente (CWE-610) en Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 y anterior, para Windows 32-bit OS:V2.17 IE 27 y anterior, y como parte del Driver Suite versi\u00f3n:V14.12 y anterior), que podr\u00eda permitir el acceso de escritura a los archivos del sistema disponibles solo para usuarios con privilegio SYSTEM u otros archivos de usuarios importantes."
    }
  ],
  "id": "CVE-2018-7824",
  "lastModified": "2024-11-21T04:12:47.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-22T20:29:01.150",
  "references": [
    {
      "source": "cybersecurity@se.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
    }
  ],
  "sourceIdentifier": "cybersecurity@se.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-610"
        }
      ],
      "source": "cybersecurity@se.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-610"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2019-43049

Vulnerability from cnvd - Published: 2019-11-29

Title

Schneider Electric Modbus Serial Driver资源管理错误漏洞

Description

Schneider Electric Modbus Serial Driver是法国施耐德电气（Schneider Electric）公司的一款串行驱动器。 Schneider Electric Modbus Serial Driver存在资源管理错误漏洞。攻击者可利用该漏洞对系统文件或其他重要的用户文件执行写入操作。

Severity

中

Patch Name

Schneider Electric Modbus Serial Driver资源管理错误漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-7824

Impacted products

Name
['Schneider Electric Modbus Serial Driver <=V3.17 IE 37（Windows OS 64位）', 'Schneider Electric Modbus Serial Driver <V2.17 IE 27（Windows OS 32位）', 'Schneider Electric Modbus Serial Driver <=V14.12（Driver Suite）']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7824",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7824"
    }
  },
  "description": "Schneider Electric Modbus Serial Driver\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e32\u884c\u9a71\u52a8\u5668\u3002\n\nSchneider Electric Modbus Serial Driver\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u7cfb\u7edf\u6587\u4ef6\u6216\u5176\u4ed6\u91cd\u8981\u7684\u7528\u6237\u6587\u4ef6\u6267\u884c\u5199\u5165\u64cd\u4f5c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43049",
  "openTime": "2019-11-29",
  "patchDescription": "Schneider Electric Modbus Serial Driver\u662f\u6cd5\u56fd\u65bd\u8010\u5fb7\u7535\u6c14\uff08Schneider Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e32\u884c\u9a71\u52a8\u5668\u3002\r\n\r\nSchneider Electric Modbus Serial Driver\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bf9\u7cfb\u7edf\u6587\u4ef6\u6216\u5176\u4ed6\u91cd\u8981\u7684\u7528\u6237\u6587\u4ef6\u6267\u884c\u5199\u5165\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Schneider Electric Modbus Serial Driver\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Schneider Electric Modbus Serial Driver \u003c=V3.17 IE 37\uff08Windows OS 64\u4f4d\uff09",
      "Schneider Electric Modbus Serial Driver \u003cV2.17 IE 27\uff08Windows OS 32\u4f4d\uff09",
      "Schneider Electric Modbus Serial Driver \u003c=V14.12\uff08Driver Suite\uff09"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-7824",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-24",
  "title": "Schneider Electric Modbus Serial Driver\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

CERTFR-2019-AVI-164

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Schneider Electric Modbus Serial Driver. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modbus Serial Driver versions V3.17 IE 37 et antérieures pour Windows 64-bit
Schneider Electric	N/A	Modbus Serial Driver versions V14.12 et antérieures en tant que composant de la Driver Suite
Schneider Electric	N/A	Modbus Serial Driver versions V3.17 IE 37 et antérieures pour Windows 32-bit

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-099-01 du 09 avril 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modbus Serial Driver versions V3.17 IE 37 et ant\u00e9rieures pour Windows 64-bit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modbus Serial Driver versions V14.12 et ant\u00e9rieures en tant que composant de la Driver Suite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modbus Serial Driver versions V3.17 IE 37 et ant\u00e9rieures pour Windows 32-bit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7824"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-164",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Schneider Electric Modbus Serial\nDriver. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Vuln\u00e9rabilit\u00e9 dans Schneider Electric Modbus Serial Driver",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-099-01 du 09 avril 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-099-01-Modbus-Serial-Driver.pdf\u0026p_Doc_Ref=SEVD-2019-099-01"
    }
  ]
}

CERTFR-2019-AVI-164

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Schneider Electric Modbus Serial Driver. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Modbus Serial Driver versions V3.17 IE 37 et antérieures pour Windows 64-bit
Schneider Electric	N/A	Modbus Serial Driver versions V14.12 et antérieures en tant que composant de la Driver Suite
Schneider Electric	N/A	Modbus Serial Driver versions V3.17 IE 37 et antérieures pour Windows 32-bit

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-099-01 du 09 avril 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Modbus Serial Driver versions V3.17 IE 37 et ant\u00e9rieures pour Windows 64-bit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modbus Serial Driver versions V14.12 et ant\u00e9rieures en tant que composant de la Driver Suite",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modbus Serial Driver versions V3.17 IE 37 et ant\u00e9rieures pour Windows 32-bit",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7824"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-164",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Schneider Electric Modbus Serial\nDriver. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "SCADA Vuln\u00e9rabilit\u00e9 dans Schneider Electric Modbus Serial Driver",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-099-01 du 09 avril 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-099-01-Modbus-Serial-Driver.pdf\u0026p_Doc_Ref=SEVD-2019-099-01"
    }
  ]
}

GSD-2018-7824

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-7824

Aliases

CVE-2018-7824

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-7824",
    "description": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.",
    "id": "GSD-2018-7824"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-7824"
      ],
      "details": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.",
      "id": "GSD-2018-7824",
      "modified": "2023-12-13T01:22:32.420128Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cybersecurity@schneider-electric.com",
        "ID": "CVE-2018-7824",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior"
                        },
                        {
                          "version_value": "For 32-bit Windows OS:V2.17 IE 27 and prior"
                        },
                        {
                          "version_value": "and as part of the Driver Suite version:V14.12 and prior)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Schneider"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Externally Controlled Reference to a Resource (CWE-610)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.17",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.12",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2018-7824"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-610"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-09-29T00:31Z",
      "publishedDate": "2019-05-22T20:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-7824 (GCVE-0-2018-7824)

GHSA-R578-GC8Q-V9WW

VAR-201905-1026

FKIE_CVE-2018-7824

CNVD-2019-43049

CERTFR-2019-AVI-164

Solution

CERTFR-2019-AVI-164

Solution

GSD-2018-7824

Tags

Sightings

Nomenclature