Sign-up

ID

VAR-201805-1129


CVE

CVE-2018-8714


TITLE

MatrikonOPC Explorer File transfer vulnerability

Trust: 0.8

sources: IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1 // CNVD: CNVD-2018-09680

DESCRIPTION

Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users to transfer arbitrary files from a host computer and consequently obtain sensitive information via vectors related to MSXML libraries. Honeywell MatrikonOPC OPC Controller Contains an information disclosure vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. MatrikonOPC Explorer is a free tool for viewing data items contained in OPC servers and detecting OPC network communications. A file transfer vulnerability exists in MatrikonOPC Explorer that allows an attacker to transfer unauthorized files from the host system. MatrikonOPC Explorer is prone to local security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2018-8714 // JVNDB: JVNDB-2018-005406 // CNVD: CNVD-2018-09680 // BID: 104157 // IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1 // CNVD: CNVD-2018-09680

AFFECTED PRODUCTS

vendor:honeywellmodel:matrikonopc explorerscope:ltversion:5.1.0.0

Trust: 1.8

vendor:matrikonopcmodel:explorerscope:lteversion:<=5.0

Trust: 0.6

vendor:matrikonopcmodel:explorerscope:eqversion:5.0

Trust: 0.3

vendor:matrikonopcmodel:explorerscope:neversion:5.1.0.0

Trust: 0.3

vendor:matrikonopc explorermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1 // CNVD: CNVD-2018-09680 // BID: 104157 // JVNDB: JVNDB-2018-005406 // NVD: CVE-2018-8714

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8714
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-8714
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-09680
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-510
value: LOW

Trust: 0.6

IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1
value: LOW

Trust: 0.2

nvd@nist.gov: CVE-2018-8714
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-09680
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-8714
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1 // CNVD: CNVD-2018-09680 // JVNDB: JVNDB-2018-005406 // CNNVD: CNNVD-201805-510 // NVD: CVE-2018-8714

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2018-005406 // NVD: CVE-2018-8714

THREAT TYPE

local

Trust: 0.9

sources: BID: 104157 // CNNVD: CNNVD-201805-510

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201805-510

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005406

PATCH
title:SECURITY NOTIFICATION - OPC Explorer - SN 2017-04-27 01url:https://www.opcsupport.com/s/article/SECURITY-NOTIFICATION-OPC-Explorer-SN-2017-04-27-01
Trust: 0.8
title:Patch for MatrikonOPC Explorer File Transfer Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/129347
Trust: 0.6
title:Honeywell MatrikonOPC OPC Controller Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83444
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-09680 // 
            
            
            
            JVNDB: JVNDB-2018-005406 // 
            
            
            
            CNNVD: CNNVD-201805-510

EXTERNAL IDS
db:NVDid:CVE-2018-8714
Trust: 3.5
db:ICS CERTid:ICSA-18-130-01
Trust: 3.3
db:BIDid:104157
Trust: 1.9
db:CNVDid:CNVD-2018-09680
Trust: 0.8
db:CNNVDid:CNNVD-201805-510
Trust: 0.8
db:JVNDBid:JVNDB-2018-005406
Trust: 0.8
db:IVDid:E2EF5F80-39AB-11E9-9C2F-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2ef5f80-39ab-11e9-9c2f-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-09680 // 
            
            
            
            BID: 104157 // 
            
            
            
            JVNDB: JVNDB-2018-005406 // 
            
            
            
            CNNVD: CNNVD-201805-510 // 
            
            
            
            NVD: CVE-2018-8714

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-130-01
Trust: 3.3
url:http://www.securityfocus.com/bid/104157
Trust: 1.6
url:https://www.opcsupport.com/s/article/security-notification-opc-explorer-sn-2017-04-27-01
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8714
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8714
Trust: 0.8
url:http://www.matrikonopc.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-09680 // 
            
            
            
            BID: 104157 // 
            
            
            
            JVNDB: JVNDB-2018-005406 // 
            
            
            
            CNNVD: CNNVD-201805-510 // 
            
            
            
            NVD: CVE-2018-8714

CREDITS
Ilya Kapov of Positive Technologies
Trust: 0.3
sources:
            
            
            BID: 104157

SOURCES
db:IVDid:e2ef5f80-39ab-11e9-9c2f-000c29342cb1
db:CNVDid:CNVD-2018-09680
db:BIDid:104157
db:JVNDBid:JVNDB-2018-005406
db:CNNVDid:CNNVD-201805-510
db:NVDid:CVE-2018-8714

LAST UPDATE DATE
2024-11-23T22:52:04.922000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-09680date:2018-05-17T00:00:00
db:BIDid:104157date:2018-05-10T00:00:00
db:JVNDBid:JVNDB-2018-005406date:2018-07-13T00:00:00
db:CNNVDid:CNNVD-201805-510date:2018-07-06T00:00:00
db:NVDid:CVE-2018-8714date:2024-11-21T04:14:11.307

SOURCES RELEASE DATE
db:IVDid:e2ef5f80-39ab-11e9-9c2f-000c29342cb1date:2018-05-17T00:00:00
db:CNVDid:CNVD-2018-09680date:2018-05-17T00:00:00
db:BIDid:104157date:2018-05-10T00:00:00
db:JVNDBid:JVNDB-2018-005406date:2018-07-13T00:00:00
db:CNNVDid:CNNVD-201805-510date:2018-05-17T00:00:00
db:NVDid:CVE-2018-8714date:2018-05-17T19:29:00.837