Details of VAR-201805-0940

ID

VAR-201805-0940

CVE

CVE-2018-8860

TITLE

Vecna VGo Robot Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1 // CNVD: CNVD-2018-08451 // CNNVD: CNNVD-201805-232

DESCRIPTION

In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network. Vecna VGo Robot Contains an information disclosure vulnerability.Information may be obtained. VGo is a new productivity improvement solution that allows individuals to replicate themselves in remote locations and move freely as if they were there. Vecna VGo Robot is prone to an information-disclosure vulnerability and an OS command execution vulnerability. Attackers may exploit these issues to obtain sensitive information or execute arbitrary OS commands

Trust: 2.61

sources: NVD: CVE-2018-8860 // JVNDB: JVNDB-2018-004823 // CNVD: CNVD-2018-08451 // BID: 103966 // IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1

IOT TAXONOMY

category:	['ICS']	sub_category:	-	Trust: 0.8
category:	['industrial device']	sub_category:	robot	Trust: 0.1

sources: OTHER: None // IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1 // CNVD: CNVD-2018-08451

AFFECTED PRODUCTS

vendor:	vecna	model:	vgo	scope:	lt	version:	3.0.3.52164	Trust: 1.8
vendor:	vecna	model:	technologies inc vgo robot	scope:	lt	version:	3.0.3.52164	Trust: 0.6
vendor:	vecna	model:	vgo robot	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	eq	version:	2.0.0	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	eq	version:	1.5.5	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	eq	version:	1.5.0	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	eq	version:	1.4.2	Trust: 0.3
vendor:	vecna	model:	vgo robot	scope:	ne	version:	3.0.3.52164	Trust: 0.3
vendor:	vgo	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1 // CNVD: CNVD-2018-08451 // BID: 103966 // JVNDB: JVNDB-2018-004823 // NVD: CVE-2018-8860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8860
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-8860
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-08451
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-232
value:	LOW
Trust: 0.6
IVD:	e2ed8ac1-39ab-11e9-a96b-000c29342cb1
value:	LOW
Trust: 0.2

nvd@nist.gov:	CVE-2018-8860
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08451
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ed8ac1-39ab-11e9-a96b-000c29342cb1
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-8860
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1 // CNVD: CNVD-2018-08451 // JVNDB: JVNDB-2018-004823 // CNNVD: CNNVD-201805-232 // NVD: CVE-2018-8860

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-004823 // NVD: CVE-2018-8860

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201805-232

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004823

PATCH

title:	Top Page	url:	https://www.vecna.com/	Trust: 0.8
title:	Patch for Vecna VGo Robot Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/127511	Trust: 0.6
title:	Vecna VGo Robot Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79911	Trust: 0.6

sources: CNVD: CNVD-2018-08451 // JVNDB: JVNDB-2018-004823 // CNNVD: CNNVD-201805-232

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8860	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-114-01	Trust: 3.3
db:	BID	id:	103966	Trust: 1.3
db:	CNVD	id:	CNVD-2018-08451	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-232	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004823	Trust: 0.8
db:	IVD	id:	E2ED8AC1-39AB-11E9-A96B-000C29342CB1	Trust: 0.2
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // IVD: e2ed8ac1-39ab-11e9-a96b-000c29342cb1 // CNVD: CNVD-2018-08451 // BID: 103966 // JVNDB: JVNDB-2018-004823 // CNNVD: CNNVD-201805-232 // NVD: CVE-2018-8860

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-114-01	Trust: 3.3
url:	http://www.securityfocus.com/bid/103966	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8860	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8860	Trust: 0.8
url:	https://www.vecna.com/	Trust: 0.3
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2018-08451 // BID: 103966 // JVNDB: JVNDB-2018-004823 // CNNVD: CNNVD-201805-232 // NVD: CVE-2018-8860

CREDITS

Dan Regalado from Zingbox

Trust: 0.3

sources: BID: 103966

SOURCES

db:	OTHER	id:	-
db:	IVD	id:	e2ed8ac1-39ab-11e9-a96b-000c29342cb1
db:	CNVD	id:	CNVD-2018-08451
db:	BID	id:	103966
db:	JVNDB	id:	JVNDB-2018-004823
db:	CNNVD	id:	CNNVD-201805-232
db:	NVD	id:	CVE-2018-8860

LAST UPDATE DATE

2025-01-30T21:44:28.558000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08451	date:	2018-04-26T00:00:00
db:	BID	id:	103966	date:	2018-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-004823	date:	2018-06-28T00:00:00
db:	CNNVD	id:	CNNVD-201805-232	date:	2018-05-15T00:00:00
db:	NVD	id:	CVE-2018-8860	date:	2024-11-21T04:14:28.320

SOURCES RELEASE DATE

db:	IVD	id:	e2ed8ac1-39ab-11e9-a96b-000c29342cb1	date:	2018-04-26T00:00:00
db:	CNVD	id:	CNVD-2018-08451	date:	2018-04-26T00:00:00
db:	BID	id:	103966	date:	2018-04-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-004823	date:	2018-06-28T00:00:00
db:	CNNVD	id:	CNNVD-201805-232	date:	2018-05-10T00:00:00
db:	NVD	id:	CVE-2018-8860	date:	2018-05-09T21:29:00.323