Sign-up

ID

VAR-201810-0490


CVE

CVE-2018-17903


TITLE

GAIN Electronic Co. Ltd SAGA1-L Series Command Forgery Vulnerability

Trust: 0.8

sources: IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // CNVD: CNVD-2018-22094

DESCRIPTION

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. SAGA1-L8B The firmware contains a vulnerability related to input validation.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An local-authentication bypass vulnerability 3. An access bypass vulnerability An attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions

Trust: 3.24

sources: NVD: CVE-2018-17903 // JVNDB: JVNDB-2018-013641 // ZDI: ZDI-18-1316 // CNVD: CNVD-2018-22094 // BID: 105729 // IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // CNVD: CNVD-2018-22094

AFFECTED PRODUCTS

vendor:sagaradiomodel:saga1-l8bscope:ltversion:a0.10

Trust: 1.0

vendor:gain electronicmodel:saga1-l8bscope:ltversion:a0.10

Trust: 0.8

vendor:saga radiomodel:saga1-l8bscope: - version: -

Trust: 0.7

vendor:gainmodel:electronic saga1-l series <=a0.10scope: - version: -

Trust: 0.6

vendor:gainmodel:electronic saga1-l seriesscope:eqversion:0

Trust: 0.3

vendor:gainmodel:electronic saga1-l series a0.10scope:neversion: -

Trust: 0.3

vendor:saga1 l8bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // ZDI: ZDI-18-1316 // CNVD: CNVD-2018-22094 // BID: 105729 // JVNDB: JVNDB-2018-013641 // NVD: CVE-2018-17903

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17903
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-17903
value: CRITICAL

Trust: 0.8

ZDI: CVE-2018-17903
value: HIGH

Trust: 0.7

CNVD: CNVD-2018-22094
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201810-1206
value: CRITICAL

Trust: 0.6

IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2018-17903
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-17903
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

CNVD: CNVD-2018-22094
severity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/AU:N/C:P/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1
severity: HIGH
baseScore: 8.0
vectorString: AV:A/AC:L/AU:N/C:P/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17903
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2018-17903
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // ZDI: ZDI-18-1316 // CNVD: CNVD-2018-22094 // JVNDB: JVNDB-2018-013641 // CNNVD: CNNVD-201810-1206 // NVD: CVE-2018-17903

PROBLEMTYPE DATA

problemtype:CWE-294

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-013641 // NVD: CVE-2018-17903

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1206

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // CNNVD: CNNVD-201810-1206

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-013641

PATCH
title:SAGA1-L6B & L8Burl:http://www.sagaradio.com.tw/SAGA1-L6B.html
Trust: 0.8
title:Saga Radio has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02
Trust: 0.7
title:Patch for GAINElectronicCo.LtdSAGA1-LSeries command forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/143421
Trust: 0.6
title:GAIN SAGA1-L Series Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86295
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1316 // 
            
            
            
            CNVD: CNVD-2018-22094 // 
            
            
            
            JVNDB: JVNDB-2018-013641 // 
            
            
            
            CNNVD: CNNVD-201810-1206

EXTERNAL IDS
db:NVDid:CVE-2018-17903
Trust: 4.2
db:ICS CERTid:ICSA-18-296-02
Trust: 3.3
db:BIDid:105729
Trust: 1.9
db:CNVDid:CNVD-2018-22094
Trust: 0.8
db:CNNVDid:CNNVD-201810-1206
Trust: 0.8
db:JVNDBid:JVNDB-2018-013641
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-6186
Trust: 0.7
db:ZDIid:ZDI-18-1316
Trust: 0.7
db:IVDid:E2FF16F0-39AB-11E9-A896-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2ff16f0-39ab-11e9-a896-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-1316 // 
            
            
            
            CNVD: CNVD-2018-22094 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013641 // 
            
            
            
            CNNVD: CNNVD-201810-1206 // 
            
            
            
            NVD: CVE-2018-17903

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-296-02
Trust: 4.0
url:http://www.securityfocus.com/bid/105729
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17903
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-17903
Trust: 0.8
url:http://www.sagaradio.com.tw/about.html
Trust: 0.3
sources:
            
            
            ZDI: ZDI-18-1316 // 
            
            
            
            CNVD: CNVD-2018-22094 // 
            
            
            
            BID: 105729 // 
            
            
            
            JVNDB: JVNDB-2018-013641 // 
            
            
            
            CNNVD: CNNVD-201810-1206 // 
            
            
            
            NVD: CVE-2018-17903

CREDITS
Marco Balduzzi Philippe Z Lin Federico Maggi Jonathan Andersson Akira Urano Stephen Hilt Rainer Vosseler
Trust: 0.7
sources:
            
            
            ZDI: ZDI-18-1316

SOURCES
db:IVDid:e2ff16f0-39ab-11e9-a896-000c29342cb1
db:ZDIid:ZDI-18-1316
db:CNVDid:CNVD-2018-22094
db:BIDid:105729
db:JVNDBid:JVNDB-2018-013641
db:CNNVDid:CNNVD-201810-1206
db:NVDid:CVE-2018-17903

LAST UPDATE DATE
2024-11-23T22:00:16.629000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1316date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-22094date:2018-10-29T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013641date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-1206date:2020-10-22T00:00:00
db:NVDid:CVE-2018-17903date:2024-11-21T03:55:10.560

SOURCES RELEASE DATE
db:IVDid:e2ff16f0-39ab-11e9-a896-000c29342cb1date:2018-10-29T00:00:00
db:ZDIid:ZDI-18-1316date:2018-10-24T00:00:00
db:CNVDid:CNVD-2018-22094date:2018-10-29T00:00:00
db:BIDid:105729date:2018-10-23T00:00:00
db:JVNDBid:JVNDB-2018-013641date:2019-02-27T00:00:00
db:CNNVDid:CNNVD-201810-1206date:2018-10-24T00:00:00
db:NVDid:CVE-2018-17903date:2018-10-24T22:29:00.980