Sign-up

ID

VAR-201805-0944


CVE

CVE-2018-8865


TITLE

Lantech IDS 2102 Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-004582 // CNNVD: CNNVD-201805-177

DESCRIPTION

In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Lantech IDS 2102 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Lantech IDS 2102 is an Ethernet device server. A remote attacker could exploit the vulnerability to execute code. Lantech IDS 2102 is prone to the following multiple security vulnerabilities: 1. A stack-based buffer-overflow vulnerability 2. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.79

sources: NVD: CVE-2018-8865 // JVNDB: JVNDB-2018-004582 // CNVD: CNVD-2018-09215 // BID: 104098 // IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // VULHUB: VHN-138897 // VULMON: CVE-2018-8865

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // CNVD: CNVD-2018-09215

AFFECTED PRODUCTS

vendor:lantechmodel:ids 2102scope:eqversion: -

Trust: 1.6

vendor:lantechmodel:ids-2102ascope:lteversion:2.0

Trust: 0.8

vendor:lantechmodel:idsscope:eqversion:2102<=2.0

Trust: 0.6

vendor:lantechmodel:idsscope:eqversion:21022.0

Trust: 0.3

vendor:ids 2102model: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // CNVD: CNVD-2018-09215 // BID: 104098 // JVNDB: JVNDB-2018-004582 // CNNVD: CNNVD-201805-177 // NVD: CVE-2018-8865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8865
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8865
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-09215
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-177
value: CRITICAL

Trust: 0.6

IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-138897
value: HIGH

Trust: 0.1

VULMON: CVE-2018-8865
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-8865
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-09215
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-138897
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-8865
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // CNVD: CNVD-2018-09215 // VULHUB: VHN-138897 // VULMON: CVE-2018-8865 // JVNDB: JVNDB-2018-004582 // CNNVD: CNNVD-201805-177 // NVD: CVE-2018-8865

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-138897 // JVNDB: JVNDB-2018-004582 // NVD: CVE-2018-8865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-177

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // CNNVD: CNNVD-201805-177

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-004582

PATCH
title:IDS-2102Aurl:http://www.lantechcom.tw/global/eng/industrial-serial-devices.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-004582

EXTERNAL IDS
db:NVDid:CVE-2018-8865
Trust: 3.7
db:ICS CERTid:ICSA-18-123-01
Trust: 3.5
db:BIDid:104098
Trust: 2.1
db:CNNVDid:CNNVD-201805-177
Trust: 0.9
db:CNVDid:CNVD-2018-09215
Trust: 0.8
db:JVNDBid:JVNDB-2018-004582
Trust: 0.8
db:IVDid:E2EEC340-39AB-11E9-B9F1-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-138897
Trust: 0.1
db:VULMONid:CVE-2018-8865
Trust: 0.1
sources:
            
            
            IVD: e2eec340-39ab-11e9-b9f1-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-09215 // 
            
            
            
            VULHUB: VHN-138897 // 
            
            
            
            VULMON: CVE-2018-8865 // 
            
            
            
            BID: 104098 // 
            
            
            
            JVNDB: JVNDB-2018-004582 // 
            
            
            
            CNNVD: CNNVD-201805-177 // 
            
            
            
            NVD: CVE-2018-8865

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-123-01
Trust: 3.6
url:http://www.securityfocus.com/bid/104098
Trust: 1.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8865
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8865
Trust: 0.8
url:https://www.lantech.com/?region=1
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/787.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-09215 // 
            
            
            
            VULHUB: VHN-138897 // 
            
            
            
            VULMON: CVE-2018-8865 // 
            
            
            
            BID: 104098 // 
            
            
            
            JVNDB: JVNDB-2018-004582 // 
            
            
            
            CNNVD: CNNVD-201805-177 // 
            
            
            
            NVD: CVE-2018-8865

CREDITS
Florian Adamsky
Trust: 0.3
sources:
            
            
            BID: 104098

SOURCES
db:IVDid:e2eec340-39ab-11e9-b9f1-000c29342cb1
db:CNVDid:CNVD-2018-09215
db:VULHUBid:VHN-138897
db:VULMONid:CVE-2018-8865
db:BIDid:104098
db:JVNDBid:JVNDB-2018-004582
db:CNNVDid:CNNVD-201805-177
db:NVDid:CVE-2018-8865

LAST UPDATE DATE
2024-11-23T22:26:23.209000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09215date:2018-05-10T00:00:00
db:VULHUBid:VHN-138897date:2020-09-29T00:00:00
db:VULMONid:CVE-2018-8865date:2020-09-29T00:00:00
db:BIDid:104098date:2018-05-03T00:00:00
db:JVNDBid:JVNDB-2018-004582date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-177date:2020-09-30T00:00:00
db:NVDid:CVE-2018-8865date:2024-11-21T04:14:29.003

SOURCES RELEASE DATE
db:IVDid:e2eec340-39ab-11e9-b9f1-000c29342cb1date:2018-05-10T00:00:00
db:CNVDid:CNVD-2018-09215date:2018-05-10T00:00:00
db:VULHUBid:VHN-138897date:2018-05-04T00:00:00
db:VULMONid:CVE-2018-8865date:2018-05-04T00:00:00
db:BIDid:104098date:2018-05-03T00:00:00
db:JVNDBid:JVNDB-2018-004582date:2018-06-25T00:00:00
db:CNNVDid:CNNVD-201805-177date:2018-05-07T00:00:00
db:NVDid:CVE-2018-8865date:2018-05-04T17:29:00.630