Sign-up

ID

VAR-201810-0395


CVE

CVE-2018-14812


TITLE

Fuji Electric Energy Savings Estimator Vulnerable to uncontrolled search path elements

Trust: 0.8

sources: JVNDB: JVNDB-2018-013893

DESCRIPTION

An uncontrolled search path element (DLL Hijacking) vulnerability has been identified in Fuji Electric Energy Savings Estimator versions V.1.0.2.0 and prior. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL. Fuji Electric Energy Savings Estimator is an energy saving estimator of Fuji Electric Corporation. Using this vulnerability, an attacker could use this vulnerability to execute arbitrary code in the affected application environment, and a failed attack could cause a denial of service. Failed exploit attempts will result in a denial of service condition

Trust: 2.7

sources: NVD: CVE-2018-14812 // JVNDB: JVNDB-2018-013893 // CNVD: CNVD-2019-44955 // BID: 105543 // IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // VULMON: CVE-2018-14812

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // CNVD: CNVD-2019-44955

AFFECTED PRODUCTS

vendor:fujimodel:electric energy savings estimatorscope:eqversion:1.0.2.0

Trust: 1.1

vendor:fujielectricmodel:energy savings estimatorscope:eqversion:1.0.2.0

Trust: 1.0

vendor:fuji electricmodel:energy savings estimatorscope:eqversion:v.1.0.2.0 and less

Trust: 0.8

vendor:fujimodel:electric energy savings estimatorscope:neversion:1.0.2.1

Trust: 0.3

sources: IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // CNVD: CNVD-2019-44955 // BID: 105543 // JVNDB: JVNDB-2018-013893 // NVD: CVE-2018-14812

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14812
value: HIGH

Trust: 1.0

NVD: CVE-2018-14812
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-44955
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-716
value: HIGH

Trust: 0.6

IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507
value: HIGH

Trust: 0.2

VULMON: CVE-2018-14812
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14812
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-44955
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-14812
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // CNVD: CNVD-2019-44955 // VULMON: CVE-2018-14812 // JVNDB: JVNDB-2018-013893 // CNNVD: CNNVD-201810-716 // NVD: CVE-2018-14812

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.8

sources: JVNDB: JVNDB-2018-013893 // NVD: CVE-2018-14812

THREAT TYPE

local

Trust: 0.9

sources: BID: 105543 // CNNVD: CNNVD-201810-716

TYPE

Code problem

Trust: 0.8

sources: IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // CNNVD: CNNVD-201810-716

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013893

PATCH
title:Engineers' Roomurl:https://americas.fujielectric.com/engineers-room/online-tools/
Trust: 0.8
title:Patch for Fuji Electric Energy Savings Estimator DLL Loads Local Code Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/193515
Trust: 0.6
title:Fuji Electric Energy Savings Estimator Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85811
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-44955 // 
            
            
            
            JVNDB: JVNDB-2018-013893 // 
            
            
            
            CNNVD: CNNVD-201810-716

EXTERNAL IDS
db:NVDid:CVE-2018-14812
Trust: 3.6
db:ICS CERTid:ICSA-18-282-07
Trust: 2.8
db:BIDid:105543
Trust: 2.6
db:CNVDid:CNVD-2019-44955
Trust: 0.8
db:CNNVDid:CNNVD-201810-716
Trust: 0.8
db:JVNDBid:JVNDB-2018-013893
Trust: 0.8
db:IVDid:5E5552AA-F67D-4B14-B207-EC1FB7409507
Trust: 0.2
db:VULMONid:CVE-2018-14812
Trust: 0.1
sources:
            
            
            IVD: 5e5552aa-f67d-4b14-b207-ec1fb7409507 // 
            
            
            
            CNVD: CNVD-2019-44955 // 
            
            
            
            VULMON: CVE-2018-14812 // 
            
            
            
            BID: 105543 // 
            
            
            
            JVNDB: JVNDB-2018-013893 // 
            
            
            
            CNNVD: CNNVD-201810-716 // 
            
            
            
            NVD: CVE-2018-14812

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-282-07
Trust: 2.9
url:http://www.securityfocus.com/bid/105543
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14812
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14812
Trust: 0.8
url:https://americas.fujielectric.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/427.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-44955 // 
            
            
            
            VULMON: CVE-2018-14812 // 
            
            
            
            BID: 105543 // 
            
            
            
            JVNDB: JVNDB-2018-013893 // 
            
            
            
            CNNVD: CNNVD-201810-716 // 
            
            
            
            NVD: CVE-2018-14812

CREDITS
Karn Ganeshen
Trust: 0.3
sources:
            
            
            BID: 105543

SOURCES
db:IVDid:5e5552aa-f67d-4b14-b207-ec1fb7409507
db:CNVDid:CNVD-2019-44955
db:VULMONid:CVE-2018-14812
db:BIDid:105543
db:JVNDBid:JVNDB-2018-013893
db:CNNVDid:CNNVD-201810-716
db:NVDid:CVE-2018-14812

LAST UPDATE DATE
2024-11-23T22:38:02.980000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-44955date:2019-12-11T00:00:00
db:VULMONid:CVE-2018-14812date:2019-10-09T00:00:00
db:BIDid:105543date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013893date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201810-716date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14812date:2024-11-21T03:49:50.877

SOURCES RELEASE DATE
db:IVDid:5e5552aa-f67d-4b14-b207-ec1fb7409507date:2019-12-11T00:00:00
db:CNVDid:CNVD-2019-44955date:2019-12-10T00:00:00
db:VULMONid:CVE-2018-14812date:2018-10-24T00:00:00
db:BIDid:105543date:2018-10-09T00:00:00
db:JVNDBid:JVNDB-2018-013893date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201810-716date:2018-10-17T00:00:00
db:NVDid:CVE-2018-14812date:2018-10-24T21:29:00.563