Sign-up

ID

VAR-201811-0828


CVE

CVE-2018-6012


TITLE

Green Electronics RainMachine Mini-8 Code injection vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-014635 // CNNVD: CNNVD-201811-013

DESCRIPTION

The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an attacker to inject arbitrary Python code via the 'Add new weather data source' upload function. Green Electronics RainMachine Mini-8 Contains a code injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler from Green Electronics, USA

Trust: 2.16

sources: NVD: CVE-2018-6012 // JVNDB: JVNDB-2018-014635 // CNVD: CNVD-2019-28250

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-28250

AFFECTED PRODUCTS

vendor:rainmachinemodel:mini-8scope:gteversion:4.0.539

Trust: 1.0

vendor:rainmachinemodel:mini-8scope:lteversion:4.0.975

Trust: 1.0

vendor:greenmodel:mini 8scope: - version: -

Trust: 0.8

vendor:greenmodel:electronics rainmachine mini-8 noscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-28250 // JVNDB: JVNDB-2018-014635 // NVD: CVE-2018-6012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6012
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-6012
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-28250
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201811-013
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-6012
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-28250
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-6012
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-28250 // JVNDB: JVNDB-2018-014635 // CNNVD: CNNVD-201811-013 // NVD: CVE-2018-6012

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-014635 // NVD: CVE-2018-6012

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-013

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201811-013

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014635

PATCH
title:Top Pageurl:https://www.rainmachine.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-014635

EXTERNAL IDS
db:NVDid:CVE-2018-6012
Trust: 3.0
db:JVNDBid:JVNDB-2018-014635
Trust: 0.8
db:CNVDid:CNVD-2019-28250
Trust: 0.6
db:CNNVDid:CNNVD-201811-013
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28250 // 
            
            
            
            JVNDB: JVNDB-2018-014635 // 
            
            
            
            CNNVD: CNNVD-201811-013 // 
            
            
            
            NVD: CVE-2018-6012

REFERENCES
url:http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu-2018-07-when-it-rains-it-pours-sam-granger
Trust: 2.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6012
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6012
Trust: 0.8
url:http://www.irongeek.com/i.php?page=videos/bsidesrdu2018/bsidesrdu
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-28250 // 
            
            
            
            JVNDB: JVNDB-2018-014635 // 
            
            
            
            CNNVD: CNNVD-201811-013 // 
            
            
            
            NVD: CVE-2018-6012

SOURCES
db:CNVDid:CNVD-2019-28250
db:JVNDBid:JVNDB-2018-014635
db:CNNVDid:CNNVD-201811-013
db:NVDid:CVE-2018-6012

LAST UPDATE DATE
2024-11-23T22:34:04.989000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-28250date:2019-08-22T00:00:00
db:JVNDBid:JVNDB-2018-014635date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201811-013date:2019-09-23T00:00:00
db:NVDid:CVE-2018-6012date:2024-11-21T04:09:53.283

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-28250date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2018-014635date:2019-04-01T00:00:00
db:CNNVDid:CNNVD-201811-013date:2018-11-02T00:00:00
db:NVDid:CVE-2018-6012date:2018-11-01T17:29:00.937