Sign-up

ID

VAR-201806-1775


CVE

CVE-2018-4860


TITLE

SCALANCE M875 In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007634

DESCRIPTION

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a command injection vulnerability in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

Trust: 2.43

sources: NVD: CVE-2018-4860 // JVNDB: JVNDB-2018-007634 // CNVD: CNVD-2018-11398 // IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1 // VULHUB: VHN-134891

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1 // CNVD: CNVD-2018-11398

AFFECTED PRODUCTS

vendor:siemensmodel:scalance m875scope: - version: -

Trust: 1.2

vendor:siemensmodel:scalance m875scope:eqversion:*

Trust: 1.0

vendor:siemensmodel:scalance m875scope:eqversion: -

Trust: 0.8

vendor:scalance m875model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1 // CNVD: CNVD-2018-11398 // JVNDB: JVNDB-2018-007634 // CNNVD: CNNVD-201806-869 // NVD: CVE-2018-4860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4860
value: HIGH

Trust: 1.0

NVD: CVE-2018-4860
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11398
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201806-869
value: HIGH

Trust: 0.6

IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-134891
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-4860
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-11398
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-134891
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4860
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1 // CNVD: CNVD-2018-11398 // VULHUB: VHN-134891 // JVNDB: JVNDB-2018-007634 // CNNVD: CNNVD-201806-869 // NVD: CVE-2018-4860

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-134891 // JVNDB: JVNDB-2018-007634 // NVD: CVE-2018-4860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-869

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201806-869

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007634

PATCH
title:SSA-977428url:https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf
Trust: 0.8
title:Patch for SIEMENSSCALANCEM875 Command Injection Vulnerability (CNVD-2018-11398)url:https://www.cnvd.org.cn/patchInfo/show/131833
Trust: 0.6
title:Siemens SCALANCE M875 Command injection vulnerability Repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80917
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-11398 // 
            
            
            
            JVNDB: JVNDB-2018-007634 // 
            
            
            
            CNNVD: CNNVD-201806-869

EXTERNAL IDS
db:NVDid:CVE-2018-4860
Trust: 3.3
db:SIEMENSid:SSA-977428
Trust: 2.3
db:CNNVDid:CNNVD-201806-869
Trust: 0.9
db:CNVDid:CNVD-2018-11398
Trust: 0.8
db:JVNDBid:JVNDB-2018-007634
Trust: 0.8
db:IVDid:E2F2E1F1-39AB-11E9-A254-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-134891
Trust: 0.1
sources:
            
            
            IVD: e2f2e1f1-39ab-11e9-a254-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-11398 // 
            
            
            
            VULHUB: VHN-134891 // 
            
            
            
            JVNDB: JVNDB-2018-007634 // 
            
            
            
            CNNVD: CNNVD-201806-869 // 
            
            
            
            NVD: CVE-2018-4860

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4860
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4860
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-11398 // 
            
            
            
            VULHUB: VHN-134891 // 
            
            
            
            JVNDB: JVNDB-2018-007634 // 
            
            
            
            CNNVD: CNNVD-201806-869 // 
            
            
            
            NVD: CVE-2018-4860

SOURCES
db:IVDid:e2f2e1f1-39ab-11e9-a254-000c29342cb1
db:CNVDid:CNVD-2018-11398
db:VULHUBid:VHN-134891
db:JVNDBid:JVNDB-2018-007634
db:CNNVDid:CNNVD-201806-869
db:NVDid:CVE-2018-4860

LAST UPDATE DATE
2024-11-23T22:00:28.516000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11398date:2018-06-13T00:00:00
db:VULHUBid:VHN-134891date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007634date:2018-09-20T00:00:00
db:CNNVDid:CNNVD-201806-869date:2019-10-17T00:00:00
db:NVDid:CVE-2018-4860date:2024-11-21T04:07:36.213

SOURCES RELEASE DATE
db:IVDid:e2f2e1f1-39ab-11e9-a254-000c29342cb1date:2018-06-13T00:00:00
db:CNVDid:CNVD-2018-11398date:2018-06-13T00:00:00
db:VULHUBid:VHN-134891date:2018-06-26T00:00:00
db:JVNDBid:JVNDB-2018-007634date:2018-09-20T00:00:00
db:CNNVDid:CNNVD-201806-869date:2018-06-13T00:00:00
db:NVDid:CVE-2018-4860date:2018-06-26T18:29:00.980