ID

VAR-201805-1045


CVE

CVE-2018-6021


TITLE

Silex SD-320AN and GE MobileLink OS Command Injection Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-004825

DESCRIPTION

Silex SD-320AN version 2.01 and prior and GE MobileLink (GEH-SD-320AN) version GEH-1.1 and prior have a system call parameter that is not properly sanitized, which may allow remote code execution. An OS command injection vulnerability exists in Silex SD-320AN and GE MobileLink (GEH-SD-320AN). Information may be obtained or altered, and service operation may be disrupted (DoS). Silex SD-320AN is a serial device server from Japan's Silex Technology Corporation. GE MobileLink (GEH-SD-320AN) is an electrocardiogram analysis system from General Electric (GE). A remote attacker could use this vulnerability to execute code. The vulnerability stems from the program not correctly filtering system call parameters.

Trust: 2.25

sources: NVD: CVE-2018-6021 // JVNDB: JVNDB-2018-004825 // CNVD: CNVD-2018-09554 // VULHUB: VHN-136053

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-09554

AFFECTED PRODUCTS

vendor: silextechnology, model: geh-sd-320an, scope: lte, version: geh-1.1

Trust: 1.0

vendor: silextechnology, model: sd-320an, scope: lte, version: 2.01

Trust: 1.0

vendor: silex, model: geh-sd-320an, scope: lte, version: 1.1

Trust: 0.8

vendor: silex, model: sd-320an, scope: lte, version: 2.01

Trust: 0.8

vendor: silex, model: sd-320an, scope: lte, version: <=2.01

Trust: 0.6

vendor: ge, model: mobilelink <=geh-1.1, scope: -, version: -

Trust: 0.6

vendor: silextechnology, model: sd-320an, scope: eq, version: 2.01

Trust: 0.6

vendor: silextechnology, model: geh-sd-320an, scope: eq, version: geh-1.1

Trust: 0.6

sources: CNVD: CNVD-2018-09554 // JVNDB: JVNDB-2018-004825 // CNNVD: CNNVD-201805-233 // NVD: CVE-2018-6021

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6021
value: HIGH

Trust: 1.0

NVD: CVE-2018-6021
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-09554
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-233
value: MEDIUM

Trust: 0.6

VULHUB: VHN-136053
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-6021
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09554
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136053
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6021
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.1
impactScore: 3.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-09554 // VULHUB: VHN-136053 // JVNDB: JVNDB-2018-004825 // CNNVD: CNNVD-201805-233 // NVD: CVE-2018-6021

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-136053 // JVNDB: JVNDB-2018-004825 // NVD: CVE-2018-6021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-233

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201805-233

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004825

PATCH

title: Top Page, url: http://www.silex.jp/

Trust: 0.8

title: Patch for Silex SD-320AN and GE MobileLink Remote Code Execution Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/129203

Trust: 0.6

title: Silex SD-320AN and GE MobileLink Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79912

Trust: 0.6

sources: CNVD: CNVD-2018-09554 // JVNDB: JVNDB-2018-004825 // CNNVD: CNNVD-201805-233

EXTERNAL IDS

db: ICS CERT, id: ICSMA-18-128-01

Trust: 3.1

db: NVD, id: CVE-2018-6021

Trust: 3.1

db: JVNDB, id: JVNDB-2018-004825

Trust: 0.8

db: CNNVD, id: CNNVD-201805-233

Trust: 0.7

db: CNVD, id: CNVD-2018-09554

Trust: 0.6

db: VULHUB, id: VHN-136053

Trust: 0.1

sources: CNVD: CNVD-2018-09554 // VULHUB: VHN-136053 // JVNDB: JVNDB-2018-004825 // CNNVD: CNNVD-201805-233 // NVD: CVE-2018-6021

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-18-128-01

Trust: 3.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6021

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-6021

Trust: 0.8

sources: CNVD: CNVD-2018-09554 // VULHUB: VHN-136053 // JVNDB: JVNDB-2018-004825 // CNNVD: CNNVD-201805-233 // NVD: CVE-2018-6021

SOURCES

db: CNVD, id: CNVD-2018-09554
db: VULHUB, id: VHN-136053
db: JVNDB, id: JVNDB-2018-004825
db: CNNVD, id: CNNVD-201805-233
db: NVD, id: CVE-2018-6021

LAST UPDATE DATE

2024-11-23T22:41:50.585000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-09554, date: 2018-05-16T00:00:00
db: VULHUB, id: VHN-136053, date: 2018-06-13T00:00:00
db: JVNDB, id: JVNDB-2018-004825, date: 2018-06-28T00:00:00
db: CNNVD, id: CNNVD-201805-233, date: 2018-05-15T00:00:00
db: NVD, id: CVE-2018-6021, date: 2024-11-21T04:09:54.730

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-09554, date: 2018-05-11T00:00:00
db: VULHUB, id: VHN-136053, date: 2018-05-09T00:00:00
db: JVNDB, id: JVNDB-2018-004825, date: 2018-06-28T00:00:00
db: CNNVD, id: CNNVD-201805-233, date: 2018-05-10T00:00:00
db: NVD, id: CVE-2018-6021, date: 2018-05-09T21:29:00.277