Sign-up

ID

VAR-201806-1774


CVE

CVE-2018-4859


TITLE

SIEMENS SCALANCE M875 Command injection vulnerability

Trust: 0.8

sources: IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // CNVD: CNVD-2018-11399

DESCRIPTION

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a command injection vulnerability in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

Trust: 2.43

sources: NVD: CVE-2018-4859 // JVNDB: JVNDB-2018-007633 // CNVD: CNVD-2018-11399 // IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // VULHUB: VHN-134890

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // CNVD: CNVD-2018-11399

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m875scope: - version: -

Trust: 1.2

vendor:siemensmodel:scalance m875scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance m875scope:eqversion: -

Trust: 0.8

vendor:scalance m875model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // CNVD: CNVD-2018-11399 // JVNDB: JVNDB-2018-007633 // CNNVD: CNNVD-201806-868 // NVD: CVE-2018-4859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4859
value: HIGH

Trust: 1.0

NVD: CVE-2018-4859
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11399
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-868
value: HIGH

Trust: 0.6

IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-134890
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4859
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11399
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134890
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4859
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // CNVD: CNVD-2018-11399 // VULHUB: VHN-134890 // JVNDB: JVNDB-2018-007633 // CNNVD: CNNVD-201806-868 // NVD: CVE-2018-4859

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-134890 // JVNDB: JVNDB-2018-007633 // NVD: CVE-2018-4859

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-868

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-868

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007633

PATCH
title:SSA-977428url:https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf
Trust: 0.8
title:SIEMENSSCALANCEM875 command to inject the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/131831
Trust: 0.6
title:Siemens SCALANCE M875 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80916
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11399 // 
            
            
            
            JVNDB: JVNDB-2018-007633 // 
            
            
            
            CNNVD: CNNVD-201806-868

EXTERNAL IDS
db:NVDid:CVE-2018-4859
Trust: 3.3
db:SIEMENSid:SSA-977428
Trust: 2.3
db:CNNVDid:CNNVD-201806-868
Trust: 0.9
db:CNVDid:CNVD-2018-11399
Trust: 0.8
db:JVNDBid:JVNDB-2018-007633
Trust: 0.8
db:IVDid:E2F2E1F0-39AB-11E9-91E9-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-134890
Trust: 0.1
sources:
            
            
            IVD: e2f2e1f0-39ab-11e9-91e9-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-11399 // 
            
            
            
            VULHUB: VHN-134890 // 
            
            
            
            JVNDB: JVNDB-2018-007633 // 
            
            
            
            CNNVD: CNNVD-201806-868 // 
            
            
            
            NVD: CVE-2018-4859

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4859
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4859
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-11399 // 
            
            
            
            VULHUB: VHN-134890 // 
            
            
            
            JVNDB: JVNDB-2018-007633 // 
            
            
            
            CNNVD: CNNVD-201806-868 // 
            
            
            
            NVD: CVE-2018-4859

SOURCES
db:IVDid:e2f2e1f0-39ab-11e9-91e9-000c29342cb1
db:CNVDid:CNVD-2018-11399
db:VULHUBid:VHN-134890
db:JVNDBid:JVNDB-2018-007633
db:CNNVDid:CNNVD-201806-868
db:NVDid:CVE-2018-4859

LAST UPDATE DATE
2024-11-23T22:00:28.472000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11399date:2018-06-13T00:00:00
db:VULHUBid:VHN-134890date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007633date:2018-09-20T00:00:00
db:CNNVDid:CNNVD-201806-868date:2019-10-17T00:00:00
db:NVDid:CVE-2018-4859date:2024-11-21T04:07:36.090

SOURCES RELEASE DATE
db:IVDid:e2f2e1f0-39ab-11e9-91e9-000c29342cb1date:2018-06-13T00:00:00
db:CNVDid:CNVD-2018-11399date:2018-06-13T00:00:00
db:VULHUBid:VHN-134890date:2018-06-26T00:00:00
db:JVNDBid:JVNDB-2018-007633date:2018-09-20T00:00:00
db:CNNVDid:CNNVD-201806-868date:2018-06-13T00:00:00
db:NVDid:CVE-2018-4859date:2018-06-26T18:29:00.917