Details of VAR-201802-0934

ID

VAR-201802-0934

CVE

CVE-2018-5473

TITLE

GE D60 Line Distance Relay Device firmware buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002425

DESCRIPTION

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. D60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer

Trust: 2.61

sources: NVD: CVE-2018-5473 // JVNDB: JVNDB-2018-002425 // CNVD: CNVD-2018-03479 // BID: 103054 // VULHUB: VHN-135504 // VULMON: CVE-2018-5473

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-03479

AFFECTED PRODUCTS

vendor:	ge	model:	d60 line distance relay	scope:	lte	version:	7.11	Trust: 1.0
vendor:	general	model:	electric d60 line distance relay	scope:	eq	version:	7.11	Trust: 0.9
vendor:	general electric	model:	d60 line distance relay	scope:	lte	version:	7.11	Trust: 0.8
vendor:	gegridsolutions	model:	d60 line distance relay	scope:	eq	version:	7.11	Trust: 0.6

sources: CNVD: CNVD-2018-03479 // BID: 103054 // JVNDB: JVNDB-2018-002425 // CNNVD: CNNVD-201802-813 // NVD: CVE-2018-5473

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-5473
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-5473
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-03479
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201802-813
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-135504
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-5473
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-5473
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-03479
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-135504
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-5473
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-5473
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-03479 // VULHUB: VHN-135504 // VULMON: CVE-2018-5473 // JVNDB: JVNDB-2018-002425 // CNNVD: CNNVD-201802-813 // NVD: CVE-2018-5473

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-135504 // JVNDB: JVNDB-2018-002425 // NVD: CVE-2018-5473

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-813

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201802-813

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002425

PATCH

title:	Top Page	url:	https://www.gegridsolutions.com/	Trust: 0.8
title:	GeneralElectricD60LineDistanceRelay Patch for Buffer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/117909	Trust: 0.6
title:	GE D60 Line Distance Relay devices Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100260	Trust: 0.6

sources: CNVD: CNVD-2018-03479 // JVNDB: JVNDB-2018-002425 // CNNVD: CNNVD-201802-813

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-18-046-02	Trust: 3.5
db:	NVD	id:	CVE-2018-5473	Trust: 3.5
db:	BID	id:	103054	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-002425	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-813	Trust: 0.7
db:	BID	id:	103054103054	Trust: 0.6
db:	CNVD	id:	CNVD-2018-03479	Trust: 0.6
db:	VULHUB	id:	VHN-135504	Trust: 0.1
db:	VULMON	id:	CVE-2018-5473	Trust: 0.1

sources: CNVD: CNVD-2018-03479 // VULHUB: VHN-135504 // VULMON: CVE-2018-5473 // BID: 103054 // JVNDB: JVNDB-2018-002425 // CNNVD: CNNVD-201802-813 // NVD: CVE-2018-5473

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-046-02	Trust: 3.6
url:	http://www.securityfocus.com/bid/103054	Trust: 1.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5473	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-5473	Trust: 0.8
url:	https://www.gegridsolutions.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2018-03479 // VULHUB: VHN-135504 // VULMON: CVE-2018-5473 // BID: 103054 // JVNDB: JVNDB-2018-002425 // CNNVD: CNNVD-201802-813 // NVD: CVE-2018-5473

CREDITS

Kirill Nesterov of Kaspersky Labs

Trust: 0.3

sources: BID: 103054

SOURCES

db:	CNVD	id:	CNVD-2018-03479
db:	VULHUB	id:	VHN-135504
db:	VULMON	id:	CVE-2018-5473
db:	BID	id:	103054
db:	JVNDB	id:	JVNDB-2018-002425
db:	CNNVD	id:	CNNVD-201802-813
db:	NVD	id:	CVE-2018-5473

LAST UPDATE DATE

2024-11-23T22:17:39.088000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-03479	date:	2018-02-26T00:00:00
db:	VULHUB	id:	VHN-135504	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-5473	date:	2021-08-18T00:00:00
db:	BID	id:	103054	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-002425	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-813	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-5473	date:	2024-11-21T04:08:52.313

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-03479	date:	2018-02-26T00:00:00
db:	VULHUB	id:	VHN-135504	date:	2018-02-19T00:00:00
db:	VULMON	id:	CVE-2018-5473	date:	2018-02-19T00:00:00
db:	BID	id:	103054	date:	2018-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-002425	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-813	date:	2018-02-19T00:00:00
db:	NVD	id:	CVE-2018-5473	date:	2018-02-19T18:29:00.257