Details of VAR-201812-0308

ID

VAR-201812-0308

CVE

CVE-2018-1000627

TITLE

Battelle V2I Hub Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-013428

DESCRIPTION

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system. Battelle V2I Hub Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.62

sources: NVD: CVE-2018-1000627 // JVNDB: JVNDB-2018-013428

IOT TAXONOMY

category:

['network device']

sub_category:

hub

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:

battelle

model:

v2i hub

scope:

version:

2.5.1

Trust: 2.4

sources: JVNDB: JVNDB-2018-013428 // CNNVD: CNNVD-201812-1179 // NVD: CVE-2018-1000627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1000627
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-1000627
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201812-1179
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2018-1000627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-1000627
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-013428 // CNNVD: CNNVD-201812-1179 // NVD: CVE-2018-1000627

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-013428 // NVD: CVE-2018-1000627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1179

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201812-1179

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013428

PATCH

title:

Top Page

url:

https://www.battelle.org/homepage

Trust: 0.8

sources: JVNDB: JVNDB-2018-013428

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1000627	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-013428	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1179	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-013428 // CNNVD: CNNVD-201812-1179 // NVD: CVE-2018-1000627

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/147304	Trust: 2.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1000627	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000627	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2018-013428 // CNNVD: CNNVD-201812-1179 // NVD: CVE-2018-1000627

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2018-013428
db:	CNNVD	id:	CNNVD-201812-1179
db:	NVD	id:	CVE-2018-1000627

LAST UPDATE DATE

2025-01-30T20:21:49.846000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2018-013428	date:	2019-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201812-1179	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-1000627	date:	2024-11-21T03:40:16.043

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2018-013428	date:	2019-02-20T00:00:00
db:	CNNVD	id:	CNNVD-201812-1179	date:	2018-12-29T00:00:00
db:	NVD	id:	CVE-2018-1000627	date:	2018-12-28T16:29:01.440