ID

VAR-201810-0434


CVE

CVE-2018-17889


TITLE

XML external entity vulnerabilities in WECON Technology Co., Ltd. PI Studio HMI and PI Studio

Trust: 0.8

sources: JVNDB: JVNDB-2018-010757

DESCRIPTION

In WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior, when parsing project files, the XMLParser that ships with Wecon PIStudio is vulnerable to an XML external entity injection attack, which may allow sensitive information disclosure. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Wecon PIStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of project files. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information under the context of Administrator. Failed exploit attempts will likely cause denial-of-service conditions.

Trust: 3.24

sources: NVD: CVE-2018-17889 // JVNDB: JVNDB-2018-010757 // ZDI: ZDI-18-1106 // CNVD: CNVD-2018-21174 // BID: 105710 // IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1 // CNVD: CNVD-2018-21174

AFFECTED PRODUCTS

vendor: we con, model: pi studio hmi, scope: lte, version: 4.1.9

Trust: 1.0

vendor: we con, model: pi studio, scope: lte, version: 4.2.34

Trust: 1.0

vendor: wecon, model: pi studio, scope: lte, version: 4.2.34

Trust: 0.8

vendor: wecon, model: pi studio hmi, scope: lte, version: 4.1.9

Trust: 0.8

vendor: wecon, model: pistudio, scope: -, version: -

Trust: 0.7

vendor: wecon, model: pi studio hmi, scope: lte, version: <=4.1.9

Trust: 0.6

vendor: wecon, model: pi studio, scope: lte, version: <=4.2.34

Trust: 0.6

vendor: we con, model: pi studio hmi, scope: eq, version: 4.1.9

Trust: 0.6

vendor: we con, model: pi studio, scope: eq, version: 4.2.34

Trust: 0.6

vendor: wecon, model: pi studio hmi project programmer, scope: eq, version: 4.1.9

Trust: 0.3

vendor: wecon, model: pi studio, scope: eq, version: 4.2.34

Trust: 0.3

vendor: pi studio, model: -, scope: eq, version: *

Trust: 0.2

vendor: pi studio hmi, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1 // ZDI: ZDI-18-1106 // CNVD: CNVD-2018-21174 // BID: 105710 // JVNDB: JVNDB-2018-010757 // CNNVD: CNNVD-201810-245 // NVD: CVE-2018-17889

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17889
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17889
value: MEDIUM

Trust: 0.8

ZDI: CVE-2018-17889
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-21174
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201810-245
value: MEDIUM

Trust: 0.6

IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-17889
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-17889
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2

Trust: 0.7

CNVD: CNVD-2018-21174
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1
severity: MEDIUM
baseScore: 5.4
vectorString: AV:N/AC:H/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17889
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1 // ZDI: ZDI-18-1106 // CNVD: CNVD-2018-21174 // JVNDB: JVNDB-2018-010757 // CNNVD: CNNVD-201810-245 // NVD: CVE-2018-17889

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-010757 // NVD: CVE-2018-17889

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-245

TYPE

Code problem

Trust: 0.8

sources: IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1 // CNNVD: CNNVD-201810-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010757

PATCH

title: Top Page
url: http://www.we-con.com.cn/en/index.aspx

Trust: 0.8

title: Wecon has issued an update to correct this vulnerability. This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 120 day deadline.
05/08/18 - ZDI sent the report to ICS-CERT
05/09/18 - ICS-CERT acknowledged, confirmed the report was sent to the vendor and sent an ICS-VU #
09/17/18 - ZDI asked ICS-CERT to confirm the report remains unpatched and to advise the vendor of the intent to publish the report as 0-day on 10/02/18
Mitigation: Given the nature of the vulnerability the only salient mitigation strategy is to restrict interaction with the application to trusted files.
url: https://us-cert.cisa.gov/ics/advisories/ICSA-18-277-01

Trust: 0.7

sources: ZDI: ZDI-18-1106 // JVNDB: JVNDB-2018-010757

EXTERNAL IDS

db: NVD, id: CVE-2018-17889

Trust: 4.2

db: ICS CERT, id: ICSA-18-277-01

Trust: 3.3

db: CNVD, id: CNVD-2018-21174

Trust: 0.8

db: CNNVD, id: CNNVD-201810-245

Trust: 0.8

db: JVNDB, id: JVNDB-2018-010757

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-6162

Trust: 0.7

db: ZDI, id: ZDI-18-1106

Trust: 0.7

db: BID, id: 105710

Trust: 0.3

db: IVD, id: E2FDB75E-39AB-11E9-851D-000C29342CB1

Trust: 0.2

sources: IVD: e2fdb75e-39ab-11e9-851d-000c29342cb1 // ZDI: ZDI-18-1106 // CNVD: CNVD-2018-21174 // BID: 105710 // JVNDB: JVNDB-2018-010757 // CNNVD: CNNVD-201810-245 // NVD: CVE-2018-17889

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-277-01

Trust: 3.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17889

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17889

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsa-18-277-01

Trust: 0.7

url:http://www.we-con.com.cn/en/

Trust: 0.3

sources: ZDI: ZDI-18-1106 // CNVD: CNVD-2018-21174 // BID: 105710 // JVNDB: JVNDB-2018-010757 // CNNVD: CNNVD-201810-245 // NVD: CVE-2018-17889

CREDITS

Mat Powell - Trend Micro Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-18-1106

SOURCES

db: IVD, id: e2fdb75e-39ab-11e9-851d-000c29342cb1
db: ZDI, id: ZDI-18-1106
db: CNVD, id: CNVD-2018-21174
db: BID, id: 105710
db: JVNDB, id: JVNDB-2018-010757
db: CNNVD, id: CNNVD-201810-245
db: NVD, id: CVE-2018-17889

LAST UPDATE DATE

2024-11-23T22:12:19.284000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-18-1106, date: 2021-12-02T00:00:00
db: CNVD, id: CNVD-2018-21174, date: 2018-10-18T00:00:00
db: BID, id: 105710, date: 2018-10-04T00:00:00
db: JVNDB, id: JVNDB-2018-010757, date: 2018-12-21T00:00:00
db: CNNVD, id: CNNVD-201810-245, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17889, date: 2024-11-21T03:55:08.770

SOURCES RELEASE DATE

db: IVD, id: e2fdb75e-39ab-11e9-851d-000c29342cb1, date: 2018-10-18T00:00:00
db: ZDI, id: ZDI-18-1106, date: 2018-10-02T00:00:00
db: CNVD, id: CNVD-2018-21174, date: 2018-10-17T00:00:00
db: BID, id: 105710, date: 2018-10-04T00:00:00
db: JVNDB, id: JVNDB-2018-010757, date: 2018-12-21T00:00:00
db: CNNVD, id: CNNVD-201810-245, date: 2018-10-09T00:00:00
db: NVD, id: CVE-2018-17889, date: 2018-10-08T12:29:00.517