CVE-2018-19023 - OpenCVE

Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Hetronic	Es-can-hl Firmware Nova-m Firmware Bms-hl Bms-hl Firmware Dc Mobile Dc Mobile Firmware Mlc Firmware Mlc Es-can-hl Nova-m

Configuration 1 [-]

AND

cpe:2.3:o:hetronic:nova-m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hetronic:nova-m:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:hetronic:es-can-hl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hetronic:es-can-hl:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:hetronic:bms-hl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hetronic:bms-hl:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:hetronic:mlc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hetronic:mlc:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:hetronic:dc_mobile_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:hetronic:dc_mobile:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/106448	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-01-03T00:00:00

Updated: 2019-02-01T00:57:01

Reserved: 2018-11-06T00:00:00

Link: CVE-2018-19023

JSON object: View

NVD Information

Status : Modified

Published: 2019-01-25T20:29:00.330

Modified: 2019-10-09T23:37:37.647

Link: CVE-2018-19023

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Hetronic Nova-M", "vendor": "Hetronic", "versions": [{"status": "affected", "version": "All versions prior to version r161"}]}], "datePublic": "2019-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-02-01T00:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03"}, {"name": "106448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106448"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2019-01-03T00:00:00", "ID": "CVE-2018-19023", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Hetronic Nova-M", "version": {"version_data": [{"version_value": "All versions prior to version r161"}]}}]}, "vendor_name": "Hetronic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03"}, {"name": "106448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106448"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-19023", "datePublished": "2019-01-03T00:00:00", "dateReserved": "2018-11-06T00:00:00", "dateUpdated": "2019-02-01T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hetronic:nova-m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A445383-F447-497B-8AC6-60B795F19686", "versionEndExcluding": "r161", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hetronic:nova-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "6EF7F3AA-0E94-4E0C-9640-3DB565A334C5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hetronic:es-can-hl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8175E41A-4B7C-43B5-A47D-EF0C1DD9E795", "versionEndExcluding": "main_r1864", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hetronic:es-can-hl:-:*:*:*:*:*:*:*", "matchCriteriaId": "7720655C-8D6B-4844-A882-FB9700BBC376", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hetronic:bms-hl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "315F1990-69CF-4BA5-8B6A-C4DF6BE0E5E7", "versionEndExcluding": "main_r1175", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hetronic:bms-hl:-:*:*:*:*:*:*:*", "matchCriteriaId": "8588B38E-25D9-4C28-B99F-CA0A1C4A7E70", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hetronic:mlc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "97F85EC8-E927-4D41-92F7-51DC3C8FF72F", "versionEndExcluding": "main_r1600", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hetronic:mlc:-:*:*:*:*:*:*:*", "matchCriteriaId": "96D1E7A8-31C7-40CE-B114-E1336EFFA27C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hetronic:dc_mobile_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12945B5F-FF44-4B42-9FDE-98034B9342F1", "versionEndExcluding": "main_r515", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:hetronic:dc_mobile:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D52574C-9899-4395-BDAC-DB3819067719", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."}, {"lang": "es", "value": "Hetronic Nova-M, en versiones anteriores a la r161, emplea c\u00f3digos fijos que pueden reproducirse mediante el rastreo y la retransmisi\u00f3n. Esto puede conducir a la reproducci\u00f3n no autorizada de un comando, la suplantaci\u00f3n de un mensaje arbitrario o al mantenimiento de la carga controlada en un estado de parada permanente."}], "id": "CVE-2018-19023", "lastModified": "2019-10-09T23:37:37.647", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-25T20:29:00.330", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106448"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}