ID

VAR-201811-0102


CVE

CVE-2018-17912


TITLE

Fr. Sauter AG CASE Suite XML External entity injection vulnerability

Trust: 0.8

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNVD: CNVD-2019-44954

DESCRIPTION

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. CASE Suite contains an XML external entity vulnerability. Information may be obtained. Fr. Sauter AG CASE Suite is a software development kit for building automation systems from Swiss company Fr. Sauter AG. The vulnerability affects Fr. Sauter AG CASE Suite 3.10 and earlier. A remote attacker could use this vulnerability to cause a file leak. An attacker can exploit this issue to gain access to sensitive information from the application; this may lead to further attacks.

Trust: 2.61

sources: NVD: CVE-2018-17912 // JVNDB: JVNDB-2018-013991 // CNVD: CNVD-2019-44954 // BID: 105804 // IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNVD: CNVD-2019-44954

AFFECTED PRODUCTS

vendor: sauter controls, model: case suite, scope: lte, version: 3.10

Trust: 1.8

vendor: fr, model: sauter ag case suite, scope: lte, version: <=3.10

Trust: 0.6

vendor: fr, model: sauter ag case suite, scope: eq, version: 3.10

Trust: 0.3

vendor: fr, model: sauter ag case suite service release, scope: ne, version: 3.10

Trust: 0.3

vendor: case suite, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNVD: CNVD-2019-44954 // BID: 105804 // JVNDB: JVNDB-2018-013991 // NVD: CVE-2018-17912

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17912
value: HIGH

Trust: 1.0

NVD: CVE-2018-17912
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-44954
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-024
value: HIGH

Trust: 0.6

IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-17912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-44954
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-17912
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNVD: CNVD-2019-44954 // JVNDB: JVNDB-2018-013991 // CNNVD: CNNVD-201811-024 // NVD: CVE-2018-17912

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-013991 // NVD: CVE-2018-17912

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-024

TYPE

Code problem

Trust: 0.8

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNNVD: CNNVD-201811-024

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013991

PATCH

title: CASE Suite, url: https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-013991

EXTERNAL IDS

db: NVD, id: CVE-2018-17912

Trust: 3.5

db: ICS CERT, id: ICSA-18-305-04

Trust: 3.3

db: BID, id: 105804

Trust: 1.9

db: CNVD, id: CNVD-2019-44954

Trust: 0.8

db: CNNVD, id: CNNVD-201811-024

Trust: 0.8

db: JVNDB, id: JVNDB-2018-013991

Trust: 0.8

db: IVD, id: F1122210-9EA6-41D9-A6CD-53D3BC909E01

Trust: 0.2

sources: IVD: f1122210-9ea6-41d9-a6cd-53d3bc909e01 // CNVD: CNVD-2019-44954 // BID: 105804 // JVNDB: JVNDB-2018-013991 // CNNVD: CNNVD-201811-024 // NVD: CVE-2018-17912

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-305-04

Trust: 3.3

url:http://www.securityfocus.com/bid/105804

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17912

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-17912

Trust: 0.8

url:https://www.sauter-controls.com/en/products-sauter/product-details/pdm/gzs-100-150-case-suite.html

Trust: 0.3

sources: CNVD: CNVD-2019-44954 // BID: 105804 // JVNDB: JVNDB-2018-013991 // CNNVD: CNNVD-201811-024 // NVD: CVE-2018-17912

CREDITS

Gjoko Krstic

Trust: 0.3

sources: BID: 105804

SOURCES

db: IVD, id: f1122210-9ea6-41d9-a6cd-53d3bc909e01
db: CNVD, id: CNVD-2019-44954
db: BID, id: 105804
db: JVNDB, id: JVNDB-2018-013991
db: CNNVD, id: CNNVD-201811-024
db: NVD, id: CVE-2018-17912

LAST UPDATE DATE

2024-11-23T23:08:33.660000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-44954, date: 2019-12-16T00:00:00
db: BID, id: 105804, date: 2018-11-01T00:00:00
db: JVNDB, id: JVNDB-2018-013991, date: 2019-03-07T00:00:00
db: CNNVD, id: CNNVD-201811-024, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17912, date: 2024-11-21T03:55:11.637

SOURCES RELEASE DATE

db: IVD, id: f1122210-9ea6-41d9-a6cd-53d3bc909e01, date: 2019-12-11T00:00:00
db: CNVD, id: CNVD-2019-44954, date: 2019-12-10T00:00:00
db: BID, id: 105804, date: 2018-11-01T00:00:00
db: JVNDB, id: JVNDB-2018-013991, date: 2019-03-07T00:00:00
db: CNNVD, id: CNNVD-201811-024, date: 2018-11-02T00:00:00
db: NVD, id: CVE-2018-17912, date: 2018-11-02T14:29:03.130