Sign-up

ID

VAR-201810-1155


CVE

CVE-2018-8858


TITLE

VGo Robot Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-011800

DESCRIPTION

If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials. VGo Robot Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Vecna ​​VGo Robot is an industrial automation robot equipment produced by British Vecna ​​company

Trust: 1.71

sources: NVD: CVE-2018-8858 // JVNDB: JVNDB-2018-011800 // VULHUB: VHN-138890

IOT TAXONOMY

category:['industrial device']sub_category:robot

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:vecnamodel:vgoscope:eqversion:3.0.3.53662

Trust: 2.4

vendor:vecnamodel:vgoscope:eqversion:3.0.3.52164

Trust: 1.4

vendor:vecnamodel:vgoscope:lteversion:3.0.3.52164

Trust: 1.0

sources: JVNDB: JVNDB-2018-011800 // CNNVD: CNNVD-201810-1454 // NVD: CVE-2018-8858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8858
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-8858
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201810-1454
value: CRITICAL

Trust: 0.6

VULHUB: VHN-138890
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-8858
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138890
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-8858
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138890 // JVNDB: JVNDB-2018-011800 // CNNVD: CNNVD-201810-1454 // NVD: CVE-2018-8858

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-138890 // JVNDB: JVNDB-2018-011800 // NVD: CVE-2018-8858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1454

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1454

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011800

PATCH
title:Top Pageurl:https://www.vecna.com/
Trust: 0.8
title:Vecna VGo Robot Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86432
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011800 // 
            
            
            
            CNNVD: CNNVD-201810-1454

EXTERNAL IDS
db:NVDid:CVE-2018-8858
Trust: 2.6
db:ICS CERTid:ICSA-18-114-01
Trust: 2.5
db:JVNDBid:JVNDB-2018-011800
Trust: 0.8
db:CNNVDid:CNNVD-201810-1454
Trust: 0.7
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-138890
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-138890 // 
            
            
            
            JVNDB: JVNDB-2018-011800 // 
            
            
            
            CNNVD: CNNVD-201810-1454 // 
            
            
            
            NVD: CVE-2018-8858

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-114-01
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8858
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-8858
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULHUB: VHN-138890 // 
            
            
            
            JVNDB: JVNDB-2018-011800 // 
            
            
            
            CNNVD: CNNVD-201810-1454 // 
            
            
            
            NVD: CVE-2018-8858

SOURCES
db:OTHERid: - 
db:VULHUBid:VHN-138890
db:JVNDBid:JVNDB-2018-011800
db:CNNVDid:CNNVD-201810-1454
db:NVDid:CVE-2018-8858

LAST UPDATE DATE
2025-01-30T22:39:18.195000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-138890date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-011800date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201810-1454date:2019-10-17T00:00:00
db:NVDid:CVE-2018-8858date:2024-11-21T04:14:28.070

SOURCES RELEASE DATE
db:VULHUBid:VHN-138890date:2018-10-30T00:00:00
db:JVNDBid:JVNDB-2018-011800date:2019-01-23T00:00:00
db:CNNVDid:CNNVD-201810-1454date:2018-10-31T00:00:00
db:NVDid:CVE-2018-8858date:2018-10-30T21:29:01.137