VAR-201810-0384
Vulnerability from variot - Updated: 2023-12-18 13:43Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 1.0,
"vendor": "fujielectric",
"version": "3.7"
},
{
"model": "alpha5 smart loader",
"scope": "lte",
"trust": 0.8,
"vendor": "fuji electric",
"version": "3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "lte",
"trust": 0.6,
"vendor": "fuji",
"version": "\u003c=3.7"
},
{
"model": "alpha5 smart loader",
"scope": "eq",
"trust": 0.6,
"vendor": "fujielectric",
"version": "3.7"
},
{
"model": "electric alpha5 smart loader",
"scope": "eq",
"trust": 0.3,
"vendor": "fuji",
"version": "3.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fujielectric:alpha5_smart_loader_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fujielectric:alpha5_smart_loader:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative",
"sources": [
{
"db": "BID",
"id": "105411"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-14788",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-03307",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-124982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-14788",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14788",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-03307",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1247",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-124982",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Versions 3.7 and prior. A buffer overflow information disclosure vulnerability occurs when parsing certain file types. FujiElectricAlpha5SmartLoader is a servo motor product of Fuji Electric of Japan. \nAn attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "VULHUB",
"id": "VHN-124982"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14788",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-18-270-02",
"trust": 2.8
},
{
"db": "BID",
"id": "105411",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-03307",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124982",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"id": "VAR-201810-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
}
],
"trust": 1.33333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
}
]
},
"last_update_date": "2023-12-18T13:43:33.224000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ALPHA5 Smart",
"trust": 0.8,
"url": "https://www.fujielectric.co.jp/products/servo/alpha5smart/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-270-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105411"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14788"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14788"
},
{
"trust": 0.3,
"url": "http://www.fujielectric.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"db": "VULHUB",
"id": "VHN-124982"
},
{
"db": "BID",
"id": "105411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"date": "2018-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-124982"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"date": "2018-10-01T13:29:00.317000",
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"date": "2018-09-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-03307"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124982"
},
{
"date": "2018-09-27T00:00:00",
"db": "BID",
"id": "105411"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"date": "2019-10-09T23:35:12.453000",
"db": "NVD",
"id": "CVE-2018-14788"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fuji Electric Alpha5 Smart Loader Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011285"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1247"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…