CVE-2018-14790 - OpenCVE

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Fujielectric	Frenic Loader 3.3 Firmware Frenic-mini\(c2\) Frenic-eco Frenic-mega Frenic-mini\(c1\) Frenic-ace Frenic-multi

Configuration 1 [-]

AND

cpe:2.3:o:fujielectric:frenic_loader_3.3_firmware:7.3.4.1a:*:*:*:*:*:*:*

OR	cpe:2.3:h:fujielectric:frenic-ace:-:::::::*
	cpe:2.3:h:fujielectric:frenic-eco:-:::::::*
	cpe:2.3:h:fujielectric:frenic-mega:-:::::::*
	cpe:2.3:h:fujielectric:frenic-mini\(c1\):-:::::::*
	cpe:2.3:h:fujielectric:frenic-mini\(c2\):-:::::::*
	cpe:2.3:h:fujielectric:frenic-multi:-:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/105408	VDB Entry Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03	Mitigation Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2018-09-27T00:00:00

Updated: 2018-10-02T09:57:01

Reserved: 2018-08-01T00:00:00

Link: CVE-2018-14790

JSON object: View

NVD Information

Status : Modified

Published: 2018-10-01T13:29:00.440

Modified: 2019-10-09T23:35:12.717

Link: CVE-2018-14790

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", "vendor": "Fuji Electric", "versions": [{"status": "affected", "version": "v3.3 v7.3.4.1a"}]}], "datePublic": "2018-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "description": "BUFFER OVER-READ CWE-126", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-02T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "105408", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105408"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-09-27T00:00:00", "ID": "CVE-2018-14790", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", "version": {"version_data": [{"version_value": "v3.3 v7.3.4.1a"}]}}]}, "vendor_name": "Fuji Electric"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "BUFFER OVER-READ CWE-126"}]}]}, "references": {"reference_data": [{"name": "105408", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105408"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-14790", "datePublished": "2018-09-27T00:00:00", "dateReserved": "2018-08-01T00:00:00", "dateUpdated": "2018-10-02T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fujielectric:frenic_loader_3.3_firmware:7.3.4.1a:*:*:*:*:*:*:*", "matchCriteriaId": "047DAA36-D21F-4563-8C57-9829048BBAA3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fujielectric:frenic-ace:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9D4C166-2E13-45FF-A2FD-410D36DE3DAF", "vulnerable": false}, {"criteria": "cpe:2.3:h:fujielectric:frenic-eco:-:*:*:*:*:*:*:*", "matchCriteriaId": "ECB1557C-2F2E-41BF-B288-02694D7170CB", "vulnerable": false}, {"criteria": "cpe:2.3:h:fujielectric:frenic-mega:-:*:*:*:*:*:*:*", "matchCriteriaId": "B895CAB3-FE3A-4B4C-BC57-764D153461DF", "vulnerable": false}, {"criteria": "cpe:2.3:h:fujielectric:frenic-mini\\(c1\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "E4E0156F-6435-4DE6-97E0-E7E9D85621DD", "vulnerable": false}, {"criteria": "cpe:2.3:h:fujielectric:frenic-mini\\(c2\\):-:*:*:*:*:*:*:*", "matchCriteriaId": "858682FA-3073-410B-9BE7-FFA77D9753C0", "vulnerable": false}, {"criteria": "cpe:2.3:h:fujielectric:frenic-multi:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA31A696-5425-47CB-84EB-527FEEA86CC9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device."}, {"lang": "es", "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a de FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA y FRENIC-Ace. Una vulnerabilidad de sobrelectura de b\u00fafer podr\u00eda permitir la ejecuci\u00f3n remota de c\u00f3digo en el dispositivo."}], "id": "CVE-2018-14790", "lastModified": "2019-10-09T23:35:12.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-01T13:29:00.440", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["VDB Entry", "Third Party Advisory"], "url": "http://www.securityfocus.com/bid/105408"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-126"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}