VAR-201810-0470
Vulnerability from variot - Updated: 2023-12-18 13:43All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. Telecrane F25 Series Radio Controls Contains vulnerabilities related to security features.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25Series is an industrial remote control device from Telecrane. A security vulnerability exists in previous versions of TelecraneF25Series00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0470",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f25-10d",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-10s",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-2d",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-2s",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-4d",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-4s",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-60",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-6d",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-6s",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-8d",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25-8s",
"scope": "lt",
"trust": 1.8,
"vendor": "telecrane",
"version": "00.0a"
},
{
"model": "f25",
"scope": null,
"trust": 0.7,
"vendor": "telecrane",
"version": null
},
{
"model": "f25 series \u003c=00.0a",
"scope": null,
"trust": 0.6,
"vendor": "telecrane",
"version": null
},
{
"model": "f25 series",
"scope": "eq",
"trust": 0.3,
"vendor": "telecrane",
"version": "0"
},
{
"model": "f25 series 00.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "telecrane",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 2s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 10d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 60",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 2d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 4s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 4d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 6s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 6d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 8s",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 8d",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "f25 10s",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "BID",
"id": "105732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-2s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-2s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-2d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-2d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-4s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-4s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-4d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-4d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-6s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-6s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-6d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-6d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-8s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-8s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-8d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-8d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-10s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-10s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-10d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-10d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:telecrane:f25-60_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "00.0a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telecrane:f25-60:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17935"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Andersson Philippe Z Lin Akira Urano Marco Balduzzi Federico Maggi Stephen Hilt Rainer Vosseler",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1315"
}
],
"trust": 0.7
},
"cve": "CVE-2018-17935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17935",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-17935",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-21920",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "7d859061-463f-11e9-94bc-000c29342cb1",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17935",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17935",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2018-17935",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-21920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1205",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state. Telecrane F25 Series Radio Controls Contains vulnerabilities related to security features.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25Series is an industrial remote control device from Telecrane. A security vulnerability exists in previous versions of TelecraneF25Series00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "BID",
"id": "105732"
},
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17935",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-296-03",
"trust": 2.7
},
{
"db": "BID",
"id": "105732",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-21920",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6188",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1315",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D859061-463F-11E9-94BC-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "BID",
"id": "105732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"id": "VAR-201810-0470",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
}
],
"trust": 1.55
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
}
]
},
"last_update_date": "2023-12-18T13:43:33.115000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "F25 Series",
"trust": 0.8,
"url": "https://telecrane-usa.biz/index.php/en/products/remote-controls/f25-series"
},
{
"title": "Telecrane has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-03"
},
{
"title": "TelecraneF25Series unlicensed patch for operating vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143335"
},
{
"title": "Telecrane F25 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86293"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-294",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-03"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105732"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17935"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17935"
},
{
"trust": 0.3,
"url": "https://telecrane.mobi/index.php/en/products/remote-controls/f25-series"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "BID",
"id": "105732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"db": "BID",
"id": "105732"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-26T00:00:00",
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"date": "2018-10-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105732"
},
{
"date": "2019-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"date": "2018-10-24T13:29:00.430000",
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1315"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-21920"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105732"
},
{
"date": "2019-03-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013934"
},
{
"date": "2020-09-18T17:23:45.250000",
"db": "NVD",
"id": "CVE-2018-17935"
},
{
"date": "2020-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telecrane F25 Series Command execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d859061-463f-11e9-94bc-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-21920"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1205"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…