CVE-2018-7793 - OpenCVE

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Foxboro Evo Foxview Foxboro Dcs Ia Series

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:foxboro_dcs::::::::
	cpe:2.3:a:schneider-electric:foxboro_evo::::::::
	cpe:2.3:a:schneider-electric:foxview:10.5:::::::*
	cpe:2.3:a:schneider-electric:ia_series::::::::

References

Link	Resource
https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: schneider

Published: 2018-12-24T16:00:00

Updated: 2018-12-24T15:57:01

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7793

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-12-24T16:29:00.640

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7793

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)"}]}], "datePublic": "2018-12-24T00:00:00", "descriptions": [{"lang": "en", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}], "problemTypes": [{"descriptions": [{"description": "Credential Management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-24T15:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)", "version": {"version_data": [{"version_value": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Credential Management"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}]}}}}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7793", "datePublished": "2018-12-24T16:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2018-12-24T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:foxboro_dcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBD743B7-7CED-46B6-9ECD-0C082BD8F5DB", "versionEndExcluding": "ccs_9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:foxboro_evo:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE0621CA-DEB5-46C6-8F6C-EABA5DA04DFE", "versionEndExcluding": "ccs_9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:foxview:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "875225C7-6546-41BB-96DB-450F5C99494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ia_series:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC2A27-E072-4D61-9A35-714571A3E9A1", "versionEndExcluding": "ccs_9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}, {"lang": "es", "value": "Existe una vulnerabilidad de gesti\u00f3n de credenciales en FoxView HMI SCADA (todas las versiones de Foxboro DCS, Foxboro Evo e IA Series anteriores a Foxboro DCS Control Core Services 9.4 (CCS 9.4) y FoxView 10.5.) que podr\u00eda permitir la divulgaci\u00f3n, modificaci\u00f3n o interrupci\u00f3n no autorizada del servicio cuando se modifica la contrase\u00f1a sin permiso."}], "id": "CVE-2018-7793", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-24T16:29:00.640", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}