ID

VAR-201807-0338


CVE

CVE-2018-10607


TITLE

Martem TELEM-GW6/GWM Denial of service vulnerability

Trust: 0.8

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNVD: CNVD-2018-10590

DESCRIPTION

Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. The Martem TELEM GW6 and GWM device firmware contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem products are prone to the following security vulnerabilities: 1. A security bypass vulnerability. 2. A denial-of-service vulnerability. 3. A cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, and execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior; GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of the Estonian company Martem.

Trust: 2.7

sources: NVD: CVE-2018-10607 // JVNDB: JVNDB-2018-008779 // CNVD: CNVD-2018-10590 // BID: 104286 // IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // VULHUB: VHN-120383

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNVD: CNVD-2018-10590

AFFECTED PRODUCTS

vendor: martem, model: telem-gw6, scope: lte, version: 2018.04.18-linux_4-01-601cb47

Trust: 1.0

vendor: martem, model: telem-gwm, scope: lte, version: 2018.04.18-linux_4-01-601cb47

Trust: 1.0

vendor: martem, model: telem gw6, scope: lte, version: 2018.04.18-linux_4-01-601cb47

Trust: 0.8

vendor: martem, model: telem gwm, scope: lte, version: 2018.04.18-linux_4-01-601cb47

Trust: 0.8

vendor: martem, model: gw6 <=2018.04.18-linux 4-01-601cb47, scope: -, version: -

Trust: 0.6

vendor: martem, model: gwm <=2018.04.18-linux 4-01-601cb47, scope: -, version: -

Trust: 0.6

vendor: martem, model: telem gw6, scope: eq, version: 2018.04.18-linux_4-01-601cb47

Trust: 0.6

vendor: martem, model: telem gwm, scope: eq, version: 2018.04.18-linux_4-01-601cb47

Trust: 0.6

vendor: martem, model: gwm 2018.04.18-linux 4-0, scope: -, version: -

Trust: 0.3

vendor: martem, model: gw6 2018.04.18-linux 4-0, scope: -, version: -

Trust: 0.3

vendor: telem gwm, model: -, scope: eq, version: *

Trust: 0.2

vendor: telem gw6, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNVD: CNVD-2018-10590 // BID: 104286 // JVNDB: JVNDB-2018-008779 // CNNVD: CNNVD-201805-1161 // NVD: CVE-2018-10607

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10607
value: HIGH

Trust: 1.0

NVD: CVE-2018-10607
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-10590
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201805-1161
value: HIGH

Trust: 0.6

IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1
value: HIGH

Trust: 0.2

VULHUB: VHN-120383
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10607
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10590
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-120383
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10607
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNVD: CNVD-2018-10590 // VULHUB: VHN-120383 // JVNDB: JVNDB-2018-008779 // CNNVD: CNNVD-201805-1161 // NVD: CVE-2018-10607

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-120383 // JVNDB: JVNDB-2018-008779 // NVD: CVE-2018-10607

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-1161

TYPE

Resource management error

Trust: 0.8

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNNVD: CNNVD-201805-1161

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008779

PATCH

title: SA1805184, url: https://martem.eu/csa/Martem_CSA_Telem_1805184.pdf

Trust: 0.8

title: Martem GW6 and GWM Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80638

Trust: 0.6

sources: JVNDB: JVNDB-2018-008779 // CNNVD: CNNVD-201805-1161

EXTERNAL IDS

db: NVD, id: CVE-2018-10607

Trust: 3.6

db: ICS CERT, id: ICSA-18-142-01

Trust: 3.4

db: BID, id: 104286

Trust: 2.0

db: CNNVD, id: CNNVD-201805-1161

Trust: 0.9

db: CNVD, id: CNVD-2018-10590

Trust: 0.8

db: JVNDB, id: JVNDB-2018-008779

Trust: 0.8

db: IVD, id: E2F09800-39AB-11E9-BD1B-000C29342CB1

Trust: 0.2

db: VULHUB, id: VHN-120383

Trust: 0.1

sources: IVD: e2f09800-39ab-11e9-bd1b-000c29342cb1 // CNVD: CNVD-2018-10590 // VULHUB: VHN-120383 // BID: 104286 // JVNDB: JVNDB-2018-008779 // CNNVD: CNNVD-201805-1161 // NVD: CVE-2018-10607

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-142-01

Trust: 3.4

url:http://martem.eu/csa/martem_csa_telem_1805184.pdf

Trust: 2.0

url:http://www.securityfocus.com/bid/104286

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10607

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-10607

Trust: 0.8

url:http://martem.ee/

Trust: 0.3

url:http://martem.eu/csa/martem_csa_telem_1805182.pdf

Trust: 0.3

sources: CNVD: CNVD-2018-10590 // VULHUB: VHN-120383 // BID: 104286 // JVNDB: JVNDB-2018-008779 // CNNVD: CNNVD-201805-1161 // NVD: CVE-2018-10607

CREDITS

Latvia, Bernhards Blumbergs and Arturs Danilevics of CERT.LV

Trust: 0.6

sources: CNNVD: CNNVD-201805-1161

SOURCES

db: IVD, id: e2f09800-39ab-11e9-bd1b-000c29342cb1
db: CNVD, id: CNVD-2018-10590
db: VULHUB, id: VHN-120383
db: BID, id: 104286
db: JVNDB, id: JVNDB-2018-008779
db: CNNVD, id: CNNVD-201805-1161
db: NVD, id: CVE-2018-10607

LAST UPDATE DATE

2024-11-23T22:12:28.708000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-10590, date: 2018-05-30T00:00:00
db: VULHUB, id: VHN-120383, date: 2019-10-09T00:00:00
db: BID, id: 104286, date: 2018-05-22T00:00:00
db: JVNDB, id: JVNDB-2018-008779, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201805-1161, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-10607, date: 2024-11-21T03:41:39.253

SOURCES RELEASE DATE

db: IVD, id: e2f09800-39ab-11e9-bd1b-000c29342cb1, date: 2018-05-30T00:00:00
db: CNVD, id: CNVD-2018-10590, date: 2018-05-30T00:00:00
db: VULHUB, id: VHN-120383, date: 2018-07-31T00:00:00
db: BID, id: 104286, date: 2018-05-22T00:00:00
db: JVNDB, id: JVNDB-2018-008779, date: 2018-10-29T00:00:00
db: CNNVD, id: CNNVD-201805-1161, date: 2018-06-05T00:00:00
db: NVD, id: CVE-2018-10607, date: 2018-07-31T17:29:00.327