Details of VAR-201810-0387

ID

VAR-201810-0387

CVE

CVE-2018-14798

TITLE

Fuji Electric FRENIC LOADER Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-011278

DESCRIPTION

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure. FujiElectricFRENICLoader and others are inverters of Fuji Electric Corporation of Japan. An out-of-bounds read vulnerability exists in several FujiElectric products. Multiple Fuji Electric FRENIC Devices are prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, or obtain sensitive information. The following products and versions are affected: Fuji Electric FRENIC Loader version 3.3; FRENIC-Mini (C1) version 7.3.4.1a; FRENIC-Mini (C2) version 7.3.4.1a; FRENIC-Eco version 7.3.4.1a; FRENIC-Multi Version 7.3.4.1a; FRENIC-MEGA Version 7.3.4.1a; FRENIC-AceA Version 7.3.4.1a

Trust: 2.52

sources: NVD: CVE-2018-14798 // JVNDB: JVNDB-2018-011278 // CNVD: CNVD-2019-03311 // BID: 105408 // VULHUB: VHN-124993

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-03311

AFFECTED PRODUCTS

vendor:	fujielectric	model:	frenic loader 3.3	scope:	eq	version:	7.3.4.1a	Trust: 1.6
vendor:	fuji	model:	electric frenic-mini 7.3.4.1a	scope:	-	version:	-	Trust: 1.2
vendor:	fuji	model:	electric frenic loader	scope:	eq	version:	3.3	Trust: 0.9
vendor:	fuji electric	model:	frenic loader 3.3	scope:	eq	version:	7.3.4.1a	Trust: 0.8
vendor:	fuji	model:	electric frenic-eco 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-multi 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-mega 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-acea 7.3.4.1a	scope:	-	version:	-	Trust: 0.6
vendor:	fuji	model:	electric frenic-mini	scope:	eq	version:	0	Trust: 0.6
vendor:	fuji	model:	electric frenic-multi	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-mega	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-eco	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic-ace	scope:	eq	version:	0	Trust: 0.3
vendor:	fuji	model:	electric frenic loader 7.3.4.1a	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2019-03311 // BID: 105408 // JVNDB: JVNDB-2018-011278 // CNNVD: CNNVD-201809-1245 // NVD: CVE-2018-14798

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14798
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-14798
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-03311
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201809-1245
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-124993
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-14798
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-03311
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-124993
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14798
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-03311 // VULHUB: VHN-124993 // JVNDB: JVNDB-2018-011278 // CNNVD: CNNVD-201809-1245 // NVD: CVE-2018-14798

PROBLEMTYPE DATA

problemtype:

CWE-125

Trust: 1.9

sources: VULHUB: VHN-124993 // JVNDB: JVNDB-2018-011278 // NVD: CVE-2018-14798

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1245

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201809-1245

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-011278

PATCH

title:

Top Page

url:

https://www.fujielectric.com/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-011278

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14798	Trust: 3.4
db:	ICS CERT	id:	ICSA-18-270-03	Trust: 2.8
db:	BID	id:	105408	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-011278	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1245	Trust: 0.7
db:	CNVD	id:	CNVD-2019-03311	Trust: 0.6
db:	VULHUB	id:	VHN-124993	Trust: 0.1

sources: CNVD: CNVD-2019-03311 // VULHUB: VHN-124993 // BID: 105408 // JVNDB: JVNDB-2018-011278 // CNNVD: CNNVD-201809-1245 // NVD: CVE-2018-14798

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-270-03	Trust: 2.8
url:	http://www.securityfocus.com/bid/105408	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14798	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14798	Trust: 0.8
url:	http://www.fujielectric.com/	Trust: 0.3

sources: CNVD: CNVD-2019-03311 // VULHUB: VHN-124993 // BID: 105408 // JVNDB: JVNDB-2018-011278 // CNNVD: CNNVD-201809-1245 // NVD: CVE-2018-14798

CREDITS

Michael Flanders and Ghirmay Desta working with Trend Micro??s Zero Day Initiative

Trust: 0.3

sources: BID: 105408

SOURCES

db:	CNVD	id:	CNVD-2019-03311
db:	VULHUB	id:	VHN-124993
db:	BID	id:	105408
db:	JVNDB	id:	JVNDB-2018-011278
db:	CNNVD	id:	CNNVD-201809-1245
db:	NVD	id:	CVE-2018-14798

LAST UPDATE DATE

2024-11-23T21:38:15.916000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-03311	date:	2019-01-30T00:00:00
db:	VULHUB	id:	VHN-124993	date:	2019-10-09T00:00:00
db:	BID	id:	105408	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-011278	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201809-1245	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14798	date:	2024-11-21T03:49:49.027

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-03311	date:	2019-01-30T00:00:00
db:	VULHUB	id:	VHN-124993	date:	2018-10-01T00:00:00
db:	BID	id:	105408	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-011278	date:	2019-01-09T00:00:00
db:	CNNVD	id:	CNNVD-201809-1245	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-14798	date:	2018-10-01T13:29:00.690