Sign-up

ID

VAR-201808-0576


CVE

CVE-2018-11719


TITLE

plural Xovis In the device XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-009261

DESCRIPTION

Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow XXE. Xovis PC2 , PC2R and PC3 The device includes XML An external entity vulnerability exists.Information may be obtained. XovisPC2, PC2R and PC3 are sensor devices from Xovis USA. An XML external entity injection vulnerability exists in XovisPC2, PC2R, and PC3 sensors using firmware versions 3.6.0 and earlier, which can be exploited by an attacker to exploit information. An attacker could exploit this vulnerability to disclose information

Trust: 2.25

sources: NVD: CVE-2018-11719 // JVNDB: JVNDB-2018-009261 // CNVD: CNVD-2019-02471 // VULHUB: VHN-121606

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-02471

AFFECTED PRODUCTS

vendor:xovismodel:pc2scope:lteversion:3.6.0

Trust: 1.8

vendor:xovismodel:pc2rscope:lteversion:3.6.0

Trust: 1.8

vendor:xovismodel:pc3scope:lteversion:3.6.0

Trust: 1.8

vendor:xovismodel:pc2scope:lteversion:<=3.6.0

Trust: 0.6

vendor:xovismodel:pc2rscope:lteversion:<=3.6.0

Trust: 0.6

vendor:xovismodel:pc3scope:lteversion:<=3.6.0

Trust: 0.6

vendor:xovismodel:pc3scope:eqversion:3.6.0

Trust: 0.6

vendor:xovismodel:pc2rscope:eqversion:3.6.0

Trust: 0.6

vendor:xovismodel:pc2scope:eqversion:3.6.0

Trust: 0.6

sources: CNVD: CNVD-2019-02471 // JVNDB: JVNDB-2018-009261 // CNNVD: CNNVD-201808-980 // NVD: CVE-2018-11719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-11719
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-11719
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-02471
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201808-980
value: MEDIUM

Trust: 0.6

VULHUB: VHN-121606
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-11719
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-02471
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-121606
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-11719
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-02471 // VULHUB: VHN-121606 // JVNDB: JVNDB-2018-009261 // CNNVD: CNNVD-201808-980 // NVD: CVE-2018-11719

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-121606 // JVNDB: JVNDB-2018-009261 // NVD: CVE-2018-11719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-980

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201808-980

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009261

PATCH
title:Xovis Security Bulletin 2018-002url:https://xovis.com/security/xovis-sec-2018-002.html
Trust: 0.8
title:Patch for XovisPC2, PC2R, and PC3XML external entity injection vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/151097
Trust: 0.6
title:Xovis PC2 , PC2R  and PC3 Repair measures for sensor security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84390
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-02471 // 
            
            
            
            JVNDB: JVNDB-2018-009261 // 
            
            
            
            CNNVD: CNNVD-201808-980

EXTERNAL IDS
db:NVDid:CVE-2018-11719
Trust: 3.1
db:JVNDBid:JVNDB-2018-009261
Trust: 0.8
db:CNNVDid:CNNVD-201808-980
Trust: 0.7
db:CNVDid:CNVD-2019-02471
Trust: 0.6
db:VULHUBid:VHN-121606
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-02471 // 
            
            
            
            VULHUB: VHN-121606 // 
            
            
            
            JVNDB: JVNDB-2018-009261 // 
            
            
            
            CNNVD: CNNVD-201808-980 // 
            
            
            
            NVD: CVE-2018-11719

REFERENCES
url:https://xovis.com/security/xovis-sec-2018-002.html
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11719
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-11719
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-02471 // 
            
            
            
            VULHUB: VHN-121606 // 
            
            
            
            JVNDB: JVNDB-2018-009261 // 
            
            
            
            CNNVD: CNNVD-201808-980 // 
            
            
            
            NVD: CVE-2018-11719

SOURCES
db:CNVDid:CNVD-2019-02471
db:VULHUBid:VHN-121606
db:JVNDBid:JVNDB-2018-009261
db:CNNVDid:CNNVD-201808-980
db:NVDid:CVE-2018-11719

LAST UPDATE DATE
2024-11-23T22:30:18.688000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-02471date:2019-01-22T00:00:00
db:VULHUBid:VHN-121606date:2018-10-22T00:00:00
db:JVNDBid:JVNDB-2018-009261date:2018-11-13T00:00:00
db:CNNVDid:CNNVD-201808-980date:2018-08-31T00:00:00
db:NVDid:CVE-2018-11719date:2024-11-21T03:43:53.623

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-02471date:2019-01-22T00:00:00
db:VULHUBid:VHN-121606date:2018-08-30T00:00:00
db:JVNDBid:JVNDB-2018-009261date:2018-11-13T00:00:00
db:CNNVDid:CNNVD-201808-980date:2018-08-31T00:00:00
db:NVDid:CVE-2018-11719date:2018-08-30T16:29:00.823