var-201801-1634
Vulnerability from variot

A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions < V4.10.111), Desigo PXC00-E.D V5.00 (All versions < V5.0.171), Desigo PXC00-E.D V5.10 (All versions < V5.10.69), Desigo PXC00-E.D V6.00 (All versions < V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions < V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions < V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions < V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions < V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions < V4.10.111), Desigo PXC001-E.D V5.00 (All versions < V5.0.171), Desigo PXC001-E.D V5.10 (All versions < V5.10.69), Desigo PXC001-E.D V6.00 (All versions < V6.0.204), Desigo PXC100-E.D V4.10 (All versions < V4.10.111), Desigo PXC100-E.D V5.00 (All versions < V5.0.171), Desigo PXC100-E.D V5.10 (All versions < V5.10.69), Desigo PXC100-E.D V6.00 (All versions < V6.0.204), Desigo PXC12-E.D V4.10 (All versions < V4.10.111), Desigo PXC12-E.D V5.00 (All versions < V5.0.171), Desigo PXC12-E.D V5.10 (All versions < V5.10.69), Desigo PXC12-E.D V6.00 (All versions < V6.0.204), Desigo PXC200-E.D V4.10 (All versions < V4.10.111), Desigo PXC200-E.D V5.00 (All versions < V5.0.171), Desigo PXC200-E.D V5.10 (All versions < V5.10.69), Desigo PXC200-E.D V6.00 (All versions < V6.0.204), Desigo PXC22-E.D V4.10 (All versions < V4.10.111), Desigo PXC22-E.D V5.00 (All versions < V5.0.171), Desigo PXC22-E.D V5.10 (All versions < V5.10.69), Desigo PXC22-E.D V6.00 (All versions < V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions < V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions < V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions < V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions < V6.0.204), Desigo PXC50-E.D 
V4.10 (All versions < V4.10.111), Desigo PXC50-E.D V5.00 (All versions < V5.0.171), Desigo PXC50-E.D V5.10 (All versions < V5.10.69), Desigo PXC50-E.D V6.00 (All versions < V6.0.204), Desigo PXM20-E V4.10 (All versions < V4.10.111), Desigo PXM20-E V5.00 (All versions < V5.0.171), Desigo PXM20-E V5.10 (All versions < V5.10.69), Desigo PXM20-E V6.00 (All versions < V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication.

Multiple Desigo Automation Controllers and Desigo Operator Units contain a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS).

Desigo PX, the programmable automation station of the Siemens building automation system, offers a flexible solution for alarm signals, time-based logging and trends, which can be modified or expanded at any time. A file upload vulnerability exists in the Siemens DESIGO PX firmware, which unauthenticated remote attackers can use to upload malicious firmware.

Multiple Siemens Desigo Automation Controllers are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.

The following products and versions are vulnerable:
Versions prior to Desigo Automation Controllers Compact PXC12/22/36-E.D 6.00.204
Versions prior to Desigo Automation Controllers Modular PXC00/50/100/200-E.D 6.00.204
Versions prior to Desigo Automation Controllers PXC00/64/128-U with Web module 6.00.204
Versions prior to Desigo Automation Controllers for Integration PXC001-E.D 6.00.204, and
Versions prior to Desigo Operator Unit PXM20-E 6.00.204



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-1634",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pxc001-e.d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "pxc00\\/50\\/100\\/200-e.d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "pxm20-e",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "pxc00\\/64\\/128-u",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "pxc12\\/22\\/36-e.d",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "pxc00/50/100/200-e.d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pxc00/64/128-u",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pxc001-e.d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pxc12/22/36-e.d",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "pxm20-e",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "desigo automation controllers compact pxc12/22/36-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "desigo automation controllers modular pxc00/50/100/200-e.d",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "desigo automation controllers pxc00/64/128-u with web module",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "desigo operator unit pxm20-e",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "6.00.204"
      },
      {
        "model": "desigo operator unit pxm20-e",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "desigo automation controllers pxc00/64/128-u with web module",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "desigo automation controllers modular pxc00/50/100/200-e.d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "desigo automation controllers for integration pxc001-e.d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "desigo automation controllers compact pxc12/22/36-e.d",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0"
      },
      {
        "model": "desigo operator unit pxm20-e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.204"
      },
      {
        "model": "desigo automation controllers pxc00/64/128-u with web module",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.204"
      },
      {
        "model": "desigo automation controllers modular pxc00/50/100/200-e.d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.204"
      },
      {
        "model": "desigo automation controllers for integration pxc001-e.d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.204"
      },
      {
        "model": "desigo automation controllers compact pxc12/22/36-e.d",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "6.0.204"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pxc12 22 36 e d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pxc00 50 100 200 e d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pxc00 64 128 u",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pxc001 e d",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "pxm20 e",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "BID",
        "id": "102850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:siemens:pxc00%2f50%2f100%2f200-e.d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pxc00%2f64%2f128-u_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pxc001-e.d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pxc12%2f22%2f36-e.d_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:siemens:pxm20-e_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Can Demirel and Melih Berk Eksioglu from Biznet Bilisim",
    "sources": [
      {
        "db": "BID",
        "id": "102850"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-4834",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-4834",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-01794",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-4834",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-4834",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-4834",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2018-4834",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-4834",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-01794",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201801-911",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-4834",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Desigo PXC00-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC00-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC00-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC00-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC00/64/128-U V4.10 (All versions \u003c V4.10.111 only with web module), Desigo PXC00/64/128-U V5.00 (All versions \u003c V5.0.171 only with web module), Desigo PXC00/64/128-U V5.10 (All versions \u003c V5.10.69 only with web module), Desigo PXC00/64/128-U V6.00 (All versions \u003c V6.0.204 only with web module), Desigo PXC001-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC001-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC001-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC001-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC100-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC100-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC100-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC100-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC12-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC12-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC12-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC12-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC200-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC200-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC200-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC200-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC22-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC22-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC22-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC22-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC22.1-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC22.1-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC22.1-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC22.1-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC36.1-E.D V4.10 (All versions \u003c 
V4.10.111), Desigo PXC36.1-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC36.1-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC36.1-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXC50-E.D V4.10 (All versions \u003c V4.10.111), Desigo PXC50-E.D V5.00 (All versions \u003c V5.0.171), Desigo PXC50-E.D V5.10 (All versions \u003c V5.10.69), Desigo PXC50-E.D V6.00 (All versions \u003c V6.0.204), Desigo PXM20-E V4.10 (All versions \u003c V4.10.111), Desigo PXM20-E V5.00 (All versions \u003c V5.0.171), Desigo PXM20-E V5.10 (All versions \u003c V5.10.69), Desigo PXM20-E V6.00 (All versions \u003c V6.0.204). A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. plural Desigo Automation Controller and Desigo Operator Unit Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The SIEMENS building automation system Desigo PX programmable automation station offers a flexible solution for alarm signals, time-based logging and trends, which can be modified or expanded at any time. A file upload vulnerability exists in the Siemens DESIGO PX firmware, which is used by unauthenticated remote attackers to upload malicious firmware. Multiple Siemens Desigo Automation Controllers are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. 
\nThe following products and versions are vulnerable:\nVersions prior to Desigo Automation Controllers Compact PXC12/22/36-E.D 6.00.204\nVersions prior to Desigo Automation Controllers Modular PXC00/50/100/200-E.D 6.00.204\nVersions prior to Desigo Automation Controllers PXC00/64/128-U with Web module 6.00.204\nVersions prior to Desigo Automation Controllers for Integration PXC001-E.D 6.00.204, and\nVersions prior to Desigo Operator Unit PXM20-E 6.00.204",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "BID",
        "id": "102850"
      },
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-4834",
        "trust": 3.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-824231",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-025-02",
        "trust": 1.0
      },
      {
        "db": "BID",
        "id": "102850",
        "trust": 1.0
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-025-02B",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "E2E2DC61-39AB-11E9-B10A-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "db": "BID",
        "id": "102850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "id": "VAR-201801-1634",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      }
    ],
    "trust": 1.24476795
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:00:42.005000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-824231",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf"
      },
      {
        "title": "Siemens DESIGO PX firmware file upload vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/114337"
      },
      {
        "title": "Multiple Siemens Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=78050"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ad565e4187fa42b73d7b4e67bd2ff770"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-824231.pdf"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824231.pdf"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/102850"
      },
      {
        "trust": 1.0,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-025-02"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4834"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-025-02b"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-4834"
      },
      {
        "trust": 0.3,
        "url": "http://www.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/434.html"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=56580"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "db": "BID",
        "id": "102850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "db": "BID",
        "id": "102850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-25T00:00:00",
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "date": "2018-01-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102850"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "date": "2018-01-24T16:29:00.233000",
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-4834"
      },
      {
        "date": "2018-01-25T00:00:00",
        "db": "BID",
        "id": "102850"
      },
      {
        "date": "2018-03-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-001742"
      },
      {
        "date": "2023-06-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      },
      {
        "date": "2024-11-21T04:07:32.887000",
        "db": "NVD",
        "id": "CVE-2018-4834"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens DESIGO PX Firmware file upload vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-01794"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code problem",
    "sources": [
      {
        "db": "IVD",
        "id": "e2e2dc61-39ab-11e9-b10a-000c29342cb1"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201801-911"
      }
    ],
    "trust": 0.8
  }
}

