Details of VAR-201812-0845

ID

VAR-201812-0845

CVE

CVE-2018-7800

TITLE

EVLink Parking Vulnerable to use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-013117

DESCRIPTION

A Hard-coded Credentials vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable an attacker to gain access to the device. EVLink Parking Contains a vulnerability involving the use of hard-coded credentials.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SchneiderElectricEVLinkParking is a commercial electric vehicle charging solution from Schneider Electric, France. Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking Versions 3.2.0-12_v1 and prior are vulnerable

Trust: 2.61

sources: NVD: CVE-2018-7800 // JVNDB: JVNDB-2018-013117 // CNVD: CNVD-2019-03467 // BID: 106807 // VULHUB: VHN-137832 // VULMON: CVE-2018-7800

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-03467

AFFECTED PRODUCTS

vendor:	schneider electric	model:	evlink parking	scope:	lte	version:	3.2.0-12	Trust: 1.0
vendor:	schneider electric	model:	evlink parking	scope:	lte	version:	3.2.0-12_v1	Trust: 0.8
vendor:	schneider	model:	electric evlink parking <=3.2.0-12 v1	scope:	-	version:	-	Trust: 0.6
vendor:	schneider electric	model:	evlink parking	scope:	eq	version:	3.2.0-12	Trust: 0.6
vendor:	schneider electric	model:	evlink parking 3.2.0-12 v1	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2019-03467 // BID: 106807 // JVNDB: JVNDB-2018-013117 // CNNVD: CNNVD-201812-1091 // NVD: CVE-2018-7800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7800
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-7800
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-03467
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201812-1091
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-137832
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-7800
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-7800
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-03467
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-137832
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7800
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-03467 // VULHUB: VHN-137832 // VULMON: CVE-2018-7800 // JVNDB: JVNDB-2018-013117 // CNNVD: CNNVD-201812-1091 // NVD: CVE-2018-7800

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-137832 // JVNDB: JVNDB-2018-013117 // NVD: CVE-2018-7800

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1091

TYPE

Design Error

Trust: 0.9

sources: BID: 106807 // CNNVD: CNNVD-201812-1091

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013117

PATCH

title:	SEVD-2018-354-01	url:	https://download.schneider-electric.com/files?p_enDocType=Software+-+Release+Notes&p_File_Name=SEVD-2018-354-01_Security+Notification.pdf&p_Doc_Ref=SEVD-2018-354-01	Trust: 0.8
title:	EVLinkParking privilege patch	url:	https://www.cnvd.org.cn/patchInfo/show/152483	Trust: 0.6
title:	Schneider Electric EVLink Parking Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88164	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/	Trust: 0.1

sources: CNVD: CNVD-2019-03467 // VULMON: CVE-2018-7800 // JVNDB: JVNDB-2018-013117 // CNNVD: CNNVD-201812-1091

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7800	Trust: 3.5
db:	ICS CERT	id:	ICSA-19-031-01	Trust: 2.9
db:	SCHNEIDER	id:	SEVD-2018-354-01	Trust: 2.1
db:	BID	id:	106807	Trust: 2.1
db:	JVNDB	id:	JVNDB-2018-013117	Trust: 0.8
db:	CNNVD	id:	CNNVD-201812-1091	Trust: 0.7
db:	CNVD	id:	CNVD-2019-03467	Trust: 0.6
db:	VULHUB	id:	VHN-137832	Trust: 0.1
db:	VULMON	id:	CVE-2018-7800	Trust: 0.1

sources: CNVD: CNVD-2019-03467 // VULHUB: VHN-137832 // VULMON: CVE-2018-7800 // BID: 106807 // JVNDB: JVNDB-2018-013117 // CNNVD: CNNVD-201812-1091 // NVD: CVE-2018-7800

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-031-01	Trust: 3.0
url:	http://www.securityfocus.com/bid/106807	Trust: 2.5
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-354-01/	Trust: 2.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7800	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7800	Trust: 0.8
url:	https://www.schneider-electric.co.in	Trust: 0.3
url:	https://download.schneider-electric.com/files?p_endoctype=software+-+release+notes&p_file_name=sevd-2018-354-01_security+notification.pdf&p_doc_ref=sevd-2018-354-01	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/798.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/	Trust: 0.1

sources: CNVD: CNVD-2019-03467 // VULHUB: VHN-137832 // VULMON: CVE-2018-7800 // BID: 106807 // JVNDB: JVNDB-2018-013117 // CNNVD: CNNVD-201812-1091 // NVD: CVE-2018-7800

CREDITS

Vladimir Kononovich and Vyacheslav Moskvin of Positive Technologies

Trust: 0.9

sources: BID: 106807 // CNNVD: CNNVD-201812-1091

SOURCES

db:	CNVD	id:	CNVD-2019-03467
db:	VULHUB	id:	VHN-137832
db:	VULMON	id:	CVE-2018-7800
db:	BID	id:	106807
db:	JVNDB	id:	JVNDB-2018-013117
db:	CNNVD	id:	CNNVD-201812-1091
db:	NVD	id:	CVE-2018-7800

LAST UPDATE DATE

2024-11-23T21:50:54.467000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-03467	date:	2019-01-31T00:00:00
db:	VULHUB	id:	VHN-137832	date:	2019-02-28T00:00:00
db:	VULMON	id:	CVE-2018-7800	date:	2019-02-28T00:00:00
db:	BID	id:	106807	date:	2019-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-013117	date:	2019-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201812-1091	date:	2019-02-26T00:00:00
db:	NVD	id:	CVE-2018-7800	date:	2024-11-21T04:12:45.577

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-03467	date:	2019-01-31T00:00:00
db:	VULHUB	id:	VHN-137832	date:	2018-12-24T00:00:00
db:	VULMON	id:	CVE-2018-7800	date:	2018-12-24T00:00:00
db:	BID	id:	106807	date:	2019-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2018-013117	date:	2019-02-14T00:00:00
db:	CNNVD	id:	CNNVD-201812-1091	date:	2018-12-25T00:00:00
db:	NVD	id:	CVE-2018-7800	date:	2018-12-24T16:29:00.717