VAR-201802-0934
Vulnerability from variot - Updated: 2023-12-18 13:38An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. D60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0934",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "d60 line distance relay",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "7.11"
},
{
"model": "electric d60 line distance relay",
"scope": "eq",
"trust": 0.9,
"vendor": "general",
"version": "7.11"
},
{
"model": "d60 line distance relay",
"scope": "lte",
"trust": 0.8,
"vendor": "general electric",
"version": "7.11"
},
{
"model": "d60 line distance relay",
"scope": "eq",
"trust": 0.6,
"vendor": "gegridsolutions",
"version": "7.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "BID",
"id": "103054"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ge:d60_line_distance_relay_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ge:d60_line_distance_relay:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kirill Nesterov of Kaspersky Labs",
"sources": [
{
"db": "BID",
"id": "103054"
}
],
"trust": 0.3
},
"cve": "CVE-2018-5473",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-5473",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03479",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-135504",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-5473",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5473",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-03479",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-813",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-135504",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5473",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. \nD60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "BID",
"id": "103054"
},
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "VULMON",
"id": "CVE-2018-5473"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-18-046-02",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2018-5473",
"trust": 3.5
},
{
"db": "BID",
"id": "103054",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813",
"trust": 0.7
},
{
"db": "BID",
"id": "103054103054",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-03479",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135504",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5473",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"db": "BID",
"id": "103054"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"id": "VAR-201802-0934",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "VULHUB",
"id": "VHN-135504"
}
],
"trust": 1.42916665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
}
]
},
"last_update_date": "2023-12-18T13:38:43.833000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.gegridsolutions.com/"
},
{
"title": "GeneralElectricD60LineDistanceRelay Patch for Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/117909"
},
{
"title": "GE D60 Line Distance Relay devices Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=100260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-046-02"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/103054"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5473"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5473"
},
{
"trust": 0.3,
"url": "https://www.gegridsolutions.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"db": "BID",
"id": "103054"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"db": "VULHUB",
"id": "VHN-135504"
},
{
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"db": "BID",
"id": "103054"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-135504"
},
{
"date": "2018-02-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"date": "2018-02-15T00:00:00",
"db": "BID",
"id": "103054"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"date": "2018-02-19T18:29:00.257000",
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"date": "2018-02-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03479"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135504"
},
{
"date": "2021-08-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5473"
},
{
"date": "2018-02-15T00:00:00",
"db": "BID",
"id": "103054"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002425"
},
{
"date": "2022-04-19T16:06:55.230000",
"db": "NVD",
"id": "CVE-2018-5473"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE D60 Line Distance Relay Device firmware buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002425"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-813"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…