VAR-201810-0464
Vulnerability from variot - Updated: 2023-12-18 13:52Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. GE iFIX Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iFIX is an intelligent hardware and software solution from GE Intelligent Platforms (GE-IP). There is a security hole in the Gigasoft component in GEiFix. An attacker could exploit the vulnerability to perform unauthorized operations. General Electric iFix is prone to an unspecified local security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ifix",
"scope": "gte",
"trust": 1.0,
"vendor": "ge",
"version": "2.0"
},
{
"model": "ifix",
"scope": "lte",
"trust": 1.0,
"vendor": "ge",
"version": "5.8"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.8,
"vendor": "ge",
"version": "5.8"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "2.0 to 5.8"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.5"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "2.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.0"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.6,
"vendor": "ge",
"version": "5.1"
},
{
"model": "electric ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.8"
},
{
"model": "electric ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.5"
},
{
"model": "electric ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.1"
},
{
"model": "electric ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "5.0"
},
{
"model": "electric ifix",
"scope": "eq",
"trust": 0.3,
"vendor": "general",
"version": "2.0"
},
{
"model": "electric ifix",
"scope": "ne",
"trust": 0.3,
"vendor": "general",
"version": "5.9"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.2,
"vendor": "ge",
"version": "5.5*"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.2,
"vendor": "ge",
"version": "2.0*"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.2,
"vendor": "ge",
"version": "5.0*"
},
{
"model": "ifix",
"scope": "eq",
"trust": 0.2,
"vendor": "ge",
"version": "5.1*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "BID",
"id": "105540"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.8",
"versionStartIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17925"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LiMingzheng of 360 aegis.",
"sources": [
{
"db": "BID",
"id": "105540"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17925",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17925",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-21170",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "7d85694f-463f-11e9-a62b-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 4.8,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17925",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17925",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-21170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-510",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted. GE iFIX Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. iFIX is an intelligent hardware and software solution from GE Intelligent Platforms (GE-IP). There is a security hole in the Gigasoft component in GEiFix. An attacker could exploit the vulnerability to perform unauthorized operations. General Electric iFix is prone to an unspecified local security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "BID",
"id": "105540"
},
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17925",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-18-282-01",
"trust": 2.7
},
{
"db": "BID",
"id": "105540",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-21170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D85694F-463F-11E9-A62B-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "BID",
"id": "105540"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"id": "VAR-201810-0464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
}
],
"trust": 1.34761904
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
}
]
},
"last_update_date": "2023-12-18T13:52:32.202000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://digitalsupport.ge.com/communities/cc_home"
},
{
"title": "GEiFix does not authorize patches for operating vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/142387"
},
{
"title": "GE iFIX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86165"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-282-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105540"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17925"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17925"
},
{
"trust": 0.3,
"url": "https://www.ge.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "BID",
"id": "105540"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"db": "BID",
"id": "105540"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "IVD",
"id": "7d85694f-463f-11e9-a62b-000c29342cb1"
},
{
"date": "2018-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105540"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"date": "2018-10-10T17:29:04.297000",
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"date": "2018-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21170"
},
{
"date": "2018-10-09T00:00:00",
"db": "BID",
"id": "105540"
},
{
"date": "2019-01-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-011235"
},
{
"date": "2019-10-09T23:37:04.537000",
"db": "NVD",
"id": "CVE-2018-17925"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "105540"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GE iFIX Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-011235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-510"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…