Sign-up

ID

VAR-201810-0469


CVE

CVE-2018-17933


TITLE

VGo Robot Vulnerabilities in authorization

Trust: 0.8

sources: JVNDB: JVNDB-2018-011591

DESCRIPTION

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot. VGo Robot Contains an authorization vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Vecna ​​VGo Robot is an industrial automation robot equipment produced by British Vecna ​​company. An attacker could exploit this vulnerability to execute commands

Trust: 1.71

sources: NVD: CVE-2018-17933 // JVNDB: JVNDB-2018-011591 // VULHUB: VHN-128442

AFFECTED PRODUCTS

vendor:vecnamodel:vgoscope:eqversion:3.0.3.53662

Trust: 1.6

vendor:vecnamodel:vgoscope:eqversion:3.0.3.52164

Trust: 1.6

vendor:vecnamodel:vgoscope:ltversion:3.0.3.52164

Trust: 0.8

vendor:vecnamodel:vgoscope:ltversion:3.0.3.53662

Trust: 0.8

sources: JVNDB: JVNDB-2018-011591 // CNNVD: CNNVD-201810-1453 // NVD: CVE-2018-17933

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17933
value: HIGH

Trust: 1.0

NVD: CVE-2018-17933
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201810-1453
value: HIGH

Trust: 0.6

VULHUB: VHN-128442
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-17933
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-128442
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17933
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-128442 // JVNDB: JVNDB-2018-011591 // CNNVD: CNNVD-201810-1453 // NVD: CVE-2018-17933

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: VULHUB: VHN-128442 // JVNDB: JVNDB-2018-011591 // NVD: CVE-2018-17933

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1453

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201810-1453

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011591

PATCH
title:Top Pageurl:https://www.vecna.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-011591

EXTERNAL IDS
db:NVDid:CVE-2018-17933
Trust: 2.5
db:ICS CERTid:ICSA-18-114-01
Trust: 2.5
db:JVNDBid:JVNDB-2018-011591
Trust: 0.8
db:CNNVDid:CNNVD-201810-1453
Trust: 0.7
db:VULHUBid:VHN-128442
Trust: 0.1
sources:
            
            
            VULHUB: VHN-128442 // 
            
            
            
            JVNDB: JVNDB-2018-011591 // 
            
            
            
            CNNVD: CNNVD-201810-1453 // 
            
            
            
            NVD: CVE-2018-17933

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-114-01
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17933
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17933
Trust: 0.8
sources:
            
            
            VULHUB: VHN-128442 // 
            
            
            
            JVNDB: JVNDB-2018-011591 // 
            
            
            
            CNNVD: CNNVD-201810-1453 // 
            
            
            
            NVD: CVE-2018-17933

SOURCES
db:VULHUBid:VHN-128442
db:JVNDBid:JVNDB-2018-011591
db:CNNVDid:CNNVD-201810-1453
db:NVDid:CVE-2018-17933

LAST UPDATE DATE
2024-11-23T21:52:47.307000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-128442date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011591date:2019-01-17T00:00:00
db:CNNVDid:CNNVD-201810-1453date:2019-10-17T00:00:00
db:NVDid:CVE-2018-17933date:2024-11-21T03:55:14.270

SOURCES RELEASE DATE
db:VULHUBid:VHN-128442date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-2018-011591date:2019-01-17T00:00:00
db:CNNVDid:CNNVD-201810-1453date:2018-10-31T00:00:00
db:NVDid:CVE-2018-17933date:2018-10-30T21:29:01.090