Sign-up

ID

VAR-201809-0148


CVE

CVE-2018-14796


TITLE

Tec4Data SmartCooler Vulnerabilities related to lack of authentication for critical functions

Trust: 0.8

sources: JVNDB: JVNDB-2018-010849

DESCRIPTION

Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack. Tec4Data SmartCooler Is vulnerable to a lack of authentication for critical functions.Service operation interruption (DoS) There is a possibility of being put into a state. The Tec4DataSmartCooler is a refrigeration unit from Tec4Data, Austria. Tec4Data SmartCooler is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Tec4Data SmartCooler versions prior to firmware 180806 are vulnerable

Trust: 2.52

sources: NVD: CVE-2018-14796 // JVNDB: JVNDB-2018-010849 // CNVD: CNVD-2018-19740 // BID: 108101 // VULHUB: VHN-124991

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-19740

AFFECTED PRODUCTS

vendor:tec4datamodel:smartcoolerscope:ltversion:180806

Trust: 1.8

vendor:tec4datamodel:smartcoolerscope: - version: -

Trust: 0.6

vendor:tec4datamodel:smartcoolerscope:eqversion: -

Trust: 0.6

vendor:tec4datamodel:smartcoolerscope:eqversion:0

Trust: 0.3

vendor:tec4datamodel:smartcoolerscope:neversion:180806

Trust: 0.3

sources: CNVD: CNVD-2018-19740 // BID: 108101 // JVNDB: JVNDB-2018-010849 // CNNVD: CNNVD-201809-951 // NVD: CVE-2018-14796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14796
value: HIGH

Trust: 1.0

NVD: CVE-2018-14796
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-19740
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-951
value: HIGH

Trust: 0.6

VULHUB: VHN-124991
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14796
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-19740
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124991
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14796
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-19740 // VULHUB: VHN-124991 // JVNDB: JVNDB-2018-010849 // CNNVD: CNNVD-201809-951 // NVD: CVE-2018-14796

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.9

sources: VULHUB: VHN-124991 // JVNDB: JVNDB-2018-010849 // NVD: CVE-2018-14796

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-951

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201809-951

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010849

PATCH
title:Top Pageurl:http://www.tec4data.com/en/
Trust: 0.8
title:Tec4DataSmartCooler denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/140961
Trust: 0.6
title:Tec4Data SmartCooler Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85066
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-19740 // 
            
            
            
            JVNDB: JVNDB-2018-010849 // 
            
            
            
            CNNVD: CNNVD-201809-951

EXTERNAL IDS
db:ICS CERTid:ICSA-18-263-01
Trust: 3.4
db:NVDid:CVE-2018-14796
Trust: 3.4
db:JVNDBid:JVNDB-2018-010849
Trust: 0.8
db:CNNVDid:CNNVD-201809-951
Trust: 0.7
db:CNVDid:CNVD-2018-19740
Trust: 0.6
db:BIDid:108101
Trust: 0.3
db:SEEBUGid:SSVID-98892
Trust: 0.1
db:VULHUBid:VHN-124991
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-19740 // 
            
            
            
            VULHUB: VHN-124991 // 
            
            
            
            BID: 108101 // 
            
            
            
            JVNDB: JVNDB-2018-010849 // 
            
            
            
            CNNVD: CNNVD-201809-951 // 
            
            
            
            NVD: CVE-2018-14796

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-263-01
Trust: 3.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14796
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14796
Trust: 0.8
url:http://www.tec4data.com/en/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-19740 // 
            
            
            
            VULHUB: VHN-124991 // 
            
            
            
            BID: 108101 // 
            
            
            
            JVNDB: JVNDB-2018-010849 // 
            
            
            
            CNNVD: CNNVD-201809-951 // 
            
            
            
            NVD: CVE-2018-14796

CREDITS
Ankit Anubhav of NewSky Security
Trust: 0.3
sources:
            
            
            BID: 108101

SOURCES
db:CNVDid:CNVD-2018-19740
db:VULHUBid:VHN-124991
db:BIDid:108101
db:JVNDBid:JVNDB-2018-010849
db:CNNVDid:CNNVD-201809-951
db:NVDid:CVE-2018-14796

LAST UPDATE DATE
2024-11-23T23:02:01.562000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-19740date:2018-09-26T00:00:00
db:VULHUBid:VHN-124991date:2019-10-09T00:00:00
db:BIDid:108101date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-010849date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-951date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14796date:2024-11-21T03:49:48.773

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-19740date:2018-09-25T00:00:00
db:VULHUBid:VHN-124991date:2018-09-20T00:00:00
db:BIDid:108101date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-010849date:2018-12-26T00:00:00
db:CNNVDid:CNNVD-201809-951date:2018-09-21T00:00:00
db:NVDid:CVE-2018-14796date:2018-09-20T19:29:00.360