ID

VAR-201811-0563


CVE

CVE-2018-7806


TITLE

Data Center Operation Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012798

DESCRIPTION

Data Center Operation allows for the upload of a zip file from its user interface to the server. A carefully crafted, malicious file containing path traversal file names could be mistakenly uploaded by an authenticated user via this feature. As such, it could allow for the arbitrary upload of files contained within the zip onto the server file system outside of the intended directory. This leverages the more commonly known ZipSlip vulnerability within Java code.

Data Center Operation contains a path traversal vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Schneider Electric StruxureWare Data Center Operation is a set of data center operation software from Schneider Electric of France. The software provides an instant overview of data center operations through inventory management, PUE calculations, real-time device alerts, and in-depth location-based analysis. Schneider Electric StruxureWare Data Center Operation has a security vulnerability.

Trust: 2.34

sources: NVD: CVE-2018-7806 // JVNDB: JVNDB-2018-012798 // CNVD: CNVD-2019-45193 // IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 0.8

sources: IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8 // CNVD: CNVD-2019-45193

AFFECTED PRODUCTS

vendor: schneider electric
model: struxureware data center operation
scope: -
version: -

Trust: 1.4

vendor: schneider electric
model: struxureware data center operation
scope: eq
version: *

Trust: 1.0

vendor: schneider
model: electric struxureware data center operation
scope: -
version: -

Trust: 0.6

vendor: struxureware data center operation
model: -
scope: eq
version: *

Trust: 0.2

sources: IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8 // CNVD: CNVD-2019-45193 // JVNDB: JVNDB-2018-012798 // CNNVD: CNNVD-201812-007 // NVD: CVE-2018-7806

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7806
value: HIGH

Trust: 1.0

NVD: CVE-2018-7806
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-45193
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-007
value: MEDIUM

Trust: 0.6

IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-7806
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-45193
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-7806
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8 // CNVD: CNVD-2019-45193 // JVNDB: JVNDB-2018-012798 // CNNVD: CNNVD-201812-007 // NVD: CVE-2018-7806

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-012798 // NVD: CVE-2018-7806

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-007

TYPE

Path traversal

Trust: 0.8

sources: IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8 // CNNVD: CNNVD-201812-007

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012798

PATCH

title: StruxureWare Data Center Operation Software Vulnerability Fixes
url: https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes

Trust: 0.8

title: Patch for Schneider Electric StruxureWare Data Center Operation has an unknown vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/194049

Trust: 0.6

title: Schneider Electric StruxureWare Data Center Operation Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87343

Trust: 0.6

sources: CNVD: CNVD-2019-45193 // JVNDB: JVNDB-2018-012798 // CNNVD: CNNVD-201812-007

EXTERNAL IDS

db: NVD
id: CVE-2018-7806

Trust: 3.2

db: CNVD
id: CNVD-2019-45193

Trust: 0.8

db: CNNVD
id: CNNVD-201812-007

Trust: 0.8

db: JVNDB
id: JVNDB-2018-012798

Trust: 0.8

db: IVD
id: 5BC724DE-1A0C-4E2D-8FF2-DE31E2B073C8

Trust: 0.2

sources: IVD: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8 // CNVD: CNVD-2019-45193 // JVNDB: JVNDB-2018-012798 // CNNVD: CNNVD-201812-007 // NVD: CVE-2018-7806

REFERENCES

url: https://help.ecostruxureit.com/display/public/uadco8x/struxureware+data+center+operation+software+vulnerability+fixes

Trust: 2.2

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7806

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7806

Trust: 0.8

sources: CNVD: CNVD-2019-45193 // JVNDB: JVNDB-2018-012798 // CNNVD: CNNVD-201812-007 // NVD: CVE-2018-7806

SOURCES

db: IVD, id: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8
db: CNVD, id: CNVD-2019-45193
db: JVNDB, id: JVNDB-2018-012798
db: CNNVD, id: CNNVD-201812-007
db: NVD, id: CVE-2018-7806

LAST UPDATE DATE

2024-11-23T23:04:56.382000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-45193, date: 2019-12-13T00:00:00
db: JVNDB, id: JVNDB-2018-012798, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201812-007, date: 2020-12-11T00:00:00
db: NVD, id: CVE-2018-7806, date: 2024-11-21T04:12:46.137

SOURCES RELEASE DATE

db: IVD, id: 5bc724de-1a0c-4e2d-8ff2-de31e2b073c8, date: 2019-12-13T00:00:00
db: CNVD, id: CNVD-2019-45193, date: 2019-12-13T00:00:00
db: JVNDB, id: JVNDB-2018-012798, date: 2019-02-07T00:00:00
db: CNNVD, id: CNNVD-201812-007, date: 2018-12-03T00:00:00
db: NVD, id: CVE-2018-7806, date: 2018-11-30T19:29:00.360