Details of VAR-201810-0385

ID

VAR-201810-0385

CVE

CVE-2018-14790

TITLE

Fuji Electric FRENIC LOADER Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-011277

DESCRIPTION

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device. Fuji Electric FRENIC LOADER Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. FujiElectricFRENICLoader and others are inverters of Fuji Electric Corporation of Japan. Multiple Fuji Electric FRENIC Devices are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi Version 7.3.4.1a; FRENIC-MEGA Version 7.3.4.1a; FRENIC-AceA Version 7.3.4.1a

Trust: 2.61

sources: NVD: CVE-2018-14790 // JVNDB: JVNDB-2018-011277 // CNVD: CNVD-2019-03309 // BID: 105408 // VULHUB: VHN-124985 // VULMON: CVE-2018-14790

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-03309

AFFECTED PRODUCTS

vendor:	fujielectric	model:	frenic loader 3.3	scope:	eq	version:	7.3.4.1a	Trust: 1.6
vendor:	fuji	model:	electric frenic-mini 7.3.4.1a	scope:	-	version:	-	Trust: 1.2
vendor:	fuji	model:	electric frenic loader	scope:	eq	version:	3.3	Trust: 0.9
vendor:	fuji electric	model:	frenic loader 3.3	scope:	eq	version:	7.3.4.1a	Trust: 0.8
vendor:	fuji	model:	electric frenic-eco 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-multi 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-mega 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-acea 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-mini	scope:	eq	version:	0	Trust: 0.6
vendor:	fuji	model:	electric frenic-multi	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-mega	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-eco	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-ace	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic loader 7.3.4.1a	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2019-03309 // BID: 105408 // JVNDB: JVNDB-2018-011277 // CNNVD: CNNVD-201809-1244 // NVD: CVE-2018-14790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14790
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-14790
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-03309
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201809-1244
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-124985
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-14790
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14790
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-03309
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-124985
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14790
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-03309 // VULHUB: VHN-124985 // VULMON: CVE-2018-14790 // JVNDB: JVNDB-2018-011277 // CNNVD: CNNVD-201809-1244 // NVD: CVE-2018-14790

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.1
problemtype:	CWE-126	Trust: 1.0
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-124985 // JVNDB: JVNDB-2018-011277 // NVD: CVE-2018-14790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1244

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1244

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011277

PATCH

title:

Top Page

url:

https://www.fujielectric.com/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011277

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14790	Trust: 3.5
db:	ICS CERT	id:	ICSA-18-270-03	Trust: 2.9
db:	BID	id:	105408	Trust: 2.7
db:	JVNDB	id:	JVNDB-2018-011277	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1244	Trust: 0.7
db:	BID	id:	105406	Trust: 0.6
db:	CNVD	id:	CNVD-2019-03309	Trust: 0.6
db:	VULHUB	id:	VHN-124985	Trust: 0.1
db:	VULMON	id:	CVE-2018-14790	Trust: 0.1

sources: CNVD: CNVD-2019-03309 // VULHUB: VHN-124985 // VULMON: CVE-2018-14790 // BID: 105408 // JVNDB: JVNDB-2018-011277 // CNNVD: CNNVD-201809-1244 // NVD: CVE-2018-14790

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-270-03	Trust: 3.0
url:	http://www.securityfocus.com/bid/105408	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14790	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14790	Trust: 0.8
url:	https://www.securityfocus.com/bid/105406	Trust: 0.6
url:	http://www.fujielectric.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative

Trust: 0.3

sources: BID: 105408

SOURCES

db:	CNVD	id:	CNVD-2019-03309
db:	VULHUB	id:	VHN-124985
db:	VULMON	id:	CVE-2018-14790
db:	BID	id:	105408
db:	JVNDB	id:	JVNDB-2018-011277
db:	CNNVD	id:	CNNVD-201809-1244
db:	NVD	id:	CVE-2018-14790

LAST UPDATE DATE

2024-11-23T21:38:15.982000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-03309	date:	2019-01-30T00:00:00
db:	VULHUB	id:	VHN-124985	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-14790	date:	2019-10-09T00:00:00
db:	BID	id:	105408	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-011277	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201809-1244	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14790	date:	2024-11-21T03:49:47.973

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-03309	date:	2019-01-30T00:00:00
db:	VULHUB	id:	VHN-124985	date:	2018-10-01T00:00:00
db:	VULMON	id:	CVE-2018-14790	date:	2018-10-01T00:00:00
db:	BID	id:	105408	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-011277	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201809-1244	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-14790	date:	2018-10-01T13:29:00.440