Details of VAR-201807-1852

ID

VAR-201807-1852

CVE

CVE-2018-7779

TITLE

plural Schneider Electric Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-007799

DESCRIPTION

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. Schneider Electric Wiser for KNX, homeLYnk and spaceLYnk are all automated programming software for different logic controllers from Schneider Electric, France. An attacker could exploit this vulnerability to gain unauthorized access

Trust: 2.43

sources: NVD: CVE-2018-7779 // JVNDB: JVNDB-2018-007799 // CNVD: CNVD-2019-05106 // IVD: 7d862ca2-463f-11e9-ba0b-000c29342cb1 // VULHUB: VHN-137811

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d862ca2-463f-11e9-ba0b-000c29342cb1 // CNVD: CNVD-2019-05106

AFFECTED PRODUCTS

vendor:	schneider electric	model:	homelynk	scope:	lte	version:	2.0.1	Trust: 1.0
vendor:	schneider electric	model:	wiser for knx	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	schneider electric	model:	spacelynk	scope:	lte	version:	2.1.0	Trust: 1.0
vendor:	schneider electric	model:	homelynk	scope:	lt	version:	2.0.1	Trust: 0.8
vendor:	schneider electric	model:	spacelynk	scope:	lt	version:	2.1.0	Trust: 0.8
vendor:	schneider electric	model:	wiser for knx	scope:	lt	version:	2.1.0	Trust: 0.8
vendor:	schneider	model:	electric wiser for knx	scope:	lte	version:	<=2.1.0	Trust: 0.6
vendor:	schneider electric	model:	homelynk	scope:	lte	version:	<=2.0.1	Trust: 0.6
vendor:	schneider electric	model:	spacelynk	scope:	lte	version:	<=2.1.0	Trust: 0.6
vendor:	schneider electric	model:	wiser for knx	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	schneider electric	model:	spacelynk	scope:	eq	version:	2.1.0	Trust: 0.6
vendor:	schneider electric	model:	homelynk	scope:	eq	version:	2.0.1	Trust: 0.6
vendor:	homelynk	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	spacelynk	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	wiser for knx	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d862ca2-463f-11e9-ba0b-000c29342cb1 // CNVD: CNVD-2019-05106 // JVNDB: JVNDB-2018-007799 // CNNVD: CNNVD-201807-147 // NVD: CVE-2018-7779

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7779
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7779
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-05106
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201807-147
value:	HIGH
Trust: 0.6
IVD:	7d862ca2-463f-11e9-ba0b-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-137811
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7779
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-05106
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d862ca2-463f-11e9-ba0b-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-137811
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7779
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 7d862ca2-463f-11e9-ba0b-000c29342cb1 // CNVD: CNVD-2019-05106 // VULHUB: VHN-137811 // JVNDB: JVNDB-2018-007799 // CNNVD: CNNVD-201807-147 // NVD: CVE-2018-7779

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9
problemtype:	CWE-668	Trust: 0.1

sources: VULHUB: VHN-137811 // JVNDB: JVNDB-2018-007799 // NVD: CVE-2018-7779

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-147

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201807-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007799

PATCH

title:	SEVD-2018-109-02	url:	https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-109-02+Wiser+For+KNX.pdf&p_Doc_Ref=SEVD-2018-109-02	Trust: 0.8
title:	Schneider Electric Wiser for KNX, homeLYnk, and spaceLYnk Unauthorized Access Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/154309	Trust: 0.6
title:	Schneider Electric Wiser for KNX , homeLYnk and spaceLYnk Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81716	Trust: 0.6

sources: CNVD: CNVD-2019-05106 // JVNDB: JVNDB-2018-007799 // CNNVD: CNNVD-201807-147

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7779	Trust: 3.3
db:	SCHNEIDER	id:	SEVD-2018-109-02	Trust: 2.3
db:	CNNVD	id:	CNNVD-201807-147	Trust: 0.9
db:	CNVD	id:	CNVD-2019-05106	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007799	Trust: 0.8
db:	IVD	id:	7D862CA2-463F-11E9-BA0B-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-137811	Trust: 0.1

sources: IVD: 7d862ca2-463f-11e9-ba0b-000c29342cb1 // CNVD: CNVD-2019-05106 // VULHUB: VHN-137811 // JVNDB: JVNDB-2018-007799 // CNNVD: CNNVD-201807-147 // NVD: CVE-2018-7779

REFERENCES

url:	https://www.schneider-electric.com/en/download/document/sevd-2018-109-02/	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7779	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7779	Trust: 0.8

sources: CNVD: CNVD-2019-05106 // VULHUB: VHN-137811 // JVNDB: JVNDB-2018-007799 // CNNVD: CNNVD-201807-147 // NVD: CVE-2018-7779

SOURCES

db:	IVD	id:	7d862ca2-463f-11e9-ba0b-000c29342cb1
db:	CNVD	id:	CNVD-2019-05106
db:	VULHUB	id:	VHN-137811
db:	JVNDB	id:	JVNDB-2018-007799
db:	CNNVD	id:	CNNVD-201807-147
db:	NVD	id:	CVE-2018-7779

LAST UPDATE DATE

2024-11-23T22:52:01.307000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-05106	date:	2019-02-24T00:00:00
db:	VULHUB	id:	VHN-137811	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-007799	date:	2018-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201807-147	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-7779	date:	2024-11-21T04:12:43.100

SOURCES RELEASE DATE

db:	IVD	id:	7d862ca2-463f-11e9-ba0b-000c29342cb1	date:	2019-02-24T00:00:00
db:	CNVD	id:	CNVD-2019-05106	date:	2019-02-22T00:00:00
db:	VULHUB	id:	VHN-137811	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007799	date:	2018-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201807-147	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-7779	date:	2018-07-03T14:29:01.257