Details of VAR-201810-0470

ID

VAR-201810-0470

CVE

CVE-2018-17935

TITLE

Telecrane F25 Series Command execution vulnerability

Trust: 0.8

sources: IVD: 7d859061-463f-11e9-94bc-000c29342cb1 // CNVD: CNVD-2018-21920

DESCRIPTION

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. Telecrane F25 Series Radio Controls Contains vulnerabilities related to security features.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25Series is an industrial remote control device from Telecrane. A security vulnerability exists in previous versions of TelecraneF25Series00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks

Trust: 3.24

sources: NVD: CVE-2018-17935 // JVNDB: JVNDB-2018-013934 // ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // BID: 105732 // IVD: 7d859061-463f-11e9-94bc-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d859061-463f-11e9-94bc-000c29342cb1 // CNVD: CNVD-2018-21920

AFFECTED PRODUCTS

vendor:	telecrane	model:	f25-10d	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-10s	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-2d	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-2s	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-4d	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-4s	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-60	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-6d	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-6s	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-8d	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25-8s	scope:	lt	version:	00.0a	Trust: 1.8
vendor:	telecrane	model:	f25	scope:	-	version:	-	Trust: 0.7
vendor:	telecrane	model:	f25 series <=00.0a	scope:	-	version:	-	Trust: 0.6
vendor:	telecrane	model:	f25 series	scope:	eq	version:	0	Trust: 0.3
vendor:	telecrane	model:	f25 series 00.0a	scope:	ne	version:	-	Trust: 0.3
vendor:	f25 2s	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 10d	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 60	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 2d	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 4s	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 4d	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 6s	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 6d	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 8s	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 8d	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	f25 10s	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d859061-463f-11e9-94bc-000c29342cb1 // ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // BID: 105732 // JVNDB: JVNDB-2018-013934 // NVD: CVE-2018-17935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17935
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-17935
value:	HIGH
Trust: 0.8
ZDI:	CVE-2018-17935
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2018-21920
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201810-1205
value:	HIGH
Trust: 0.6
IVD:	7d859061-463f-11e9-94bc-000c29342cb1
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2018-17935
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2018-17935
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-21920
severity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/AU:N/C:P/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d859061-463f-11e9-94bc-000c29342cb1
severity:	HIGH
baseScore:	8.0
vectorString:	AV:A/AC:L/AU:N/C:P/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-17935
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2018-17935
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 7d859061-463f-11e9-94bc-000c29342cb1 // ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // JVNDB: JVNDB-2018-013934 // CNNVD: CNNVD-201810-1205 // NVD: CVE-2018-17935

PROBLEMTYPE DATA

problemtype:	CWE-294	Trust: 1.0
problemtype:	CWE-254	Trust: 0.8

sources: JVNDB: JVNDB-2018-013934 // NVD: CVE-2018-17935

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201810-1205

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1205

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013934

PATCH

title:	F25 Series	url:	https://telecrane-usa.biz/index.php/en/products/remote-controls/f25-series	Trust: 0.8
title:	Telecrane has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03	Trust: 0.7
title:	TelecraneF25Series unlicensed patch for operating vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/143335	Trust: 0.6
title:	Telecrane F25 Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86293	Trust: 0.6

sources: ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // JVNDB: JVNDB-2018-013934 // CNNVD: CNNVD-201810-1205

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17935	Trust: 4.2
db:	ICS CERT	id:	ICSA-18-296-03	Trust: 2.7
db:	BID	id:	105732	Trust: 1.9
db:	CNVD	id:	CNVD-2018-21920	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-1205	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-013934	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-6188	Trust: 0.7
db:	ZDI	id:	ZDI-18-1315	Trust: 0.7
db:	IVD	id:	7D859061-463F-11E9-94BC-000C29342CB1	Trust: 0.2

sources: IVD: 7d859061-463f-11e9-94bc-000c29342cb1 // ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // BID: 105732 // JVNDB: JVNDB-2018-013934 // CNNVD: CNNVD-201810-1205 // NVD: CVE-2018-17935

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-296-03	Trust: 3.4
url:	http://www.securityfocus.com/bid/105732	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17935	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17935	Trust: 0.8
url:	https://telecrane.mobi/index.php/en/products/remote-controls/f25-series	Trust: 0.3

sources: ZDI: ZDI-18-1315 // CNVD: CNVD-2018-21920 // BID: 105732 // JVNDB: JVNDB-2018-013934 // CNNVD: CNNVD-201810-1205 // NVD: CVE-2018-17935

CREDITS

Jonathan Andersson Philippe Z Lin Akira Urano Marco Balduzzi Federico Maggi Stephen Hilt Rainer Vosseler

Trust: 0.7

sources: ZDI: ZDI-18-1315

SOURCES

db:	IVD	id:	7d859061-463f-11e9-94bc-000c29342cb1
db:	ZDI	id:	ZDI-18-1315
db:	CNVD	id:	CNVD-2018-21920
db:	BID	id:	105732
db:	JVNDB	id:	JVNDB-2018-013934
db:	CNNVD	id:	CNNVD-201810-1205
db:	NVD	id:	CVE-2018-17935

LAST UPDATE DATE

2024-11-23T23:08:34.380000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-1315	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21920	date:	2019-01-23T00:00:00
db:	BID	id:	105732	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013934	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201810-1205	date:	2020-09-21T00:00:00
db:	NVD	id:	CVE-2018-17935	date:	2024-11-21T03:55:14.500

SOURCES RELEASE DATE

db:	IVD	id:	7d859061-463f-11e9-94bc-000c29342cb1	date:	2018-10-26T00:00:00
db:	ZDI	id:	ZDI-18-1315	date:	2018-10-24T00:00:00
db:	CNVD	id:	CNVD-2018-21920	date:	2018-10-26T00:00:00
db:	BID	id:	105732	date:	2018-10-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-013934	date:	2019-03-06T00:00:00
db:	CNNVD	id:	CNNVD-201810-1205	date:	2018-10-24T00:00:00
db:	NVD	id:	CVE-2018-17935	date:	2018-10-24T13:29:00.430