ID

VAR-201812-0846


CVE

CVE-2018-7801


TITLE

EVLink Parking Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013118

DESCRIPTION

A code injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could enable access with maximum privileges when a remote code execution is performed. EVLink Parking contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking versions 3.2.0-12_v1 and prior are vulnerable.

Trust: 2.07

sources: NVD: CVE-2018-7801 // JVNDB: JVNDB-2018-013118 // BID: 106807 // VULHUB: VHN-137833 // VULMON: CVE-2018-7801

AFFECTED PRODUCTS

vendor: schneider electric, model: evlink parking, scope: lte, version: 3.2.0-12

Trust: 1.0

vendor: schneider electric, model: evlink parking, scope: lte, version: 3.2.0-12_v1

Trust: 0.8

vendor: schneider electric, model: evlink parking, scope: eq, version: 3.2.0-12

Trust: 0.6

vendor: schneider electric, model: evlink parking 3.2.0-12 v1, scope: -, version: -

Trust: 0.3

sources: BID: 106807 // JVNDB: JVNDB-2018-013118 // CNNVD: CNNVD-201812-1092 // NVD: CVE-2018-7801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7801
value: HIGH

Trust: 1.0

NVD: CVE-2018-7801
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201812-1092
value: HIGH

Trust: 0.6

VULHUB: VHN-137833
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7801
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7801
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2018-7801
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-137833
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7801
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-7801
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-137833 // VULMON: CVE-2018-7801 // JVNDB: JVNDB-2018-013118 // CNNVD: CNNVD-201812-1092 // NVD: CVE-2018-7801

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-137833 // JVNDB: JVNDB-2018-013118 // NVD: CVE-2018-7801

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1092

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-1092

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013118

PATCH

title: SEVD-2018-354-01, url: https://download.schneider-electric.com/files?p_enDocType=Software+-+Release+Notes&p_File_Name=SEVD-2018-354-01_Security+Notification.pdf&p_Doc_Ref=SEVD-2018-354-01

Trust: 0.8

title: Schneider Electric EVLink Parking Fixes for code injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=88165

Trust: 0.6

title: Threatpost, url: https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/

Trust: 0.1

sources: VULMON: CVE-2018-7801 // JVNDB: JVNDB-2018-013118 // CNNVD: CNNVD-201812-1092

EXTERNAL IDS

db: NVD, id: CVE-2018-7801

Trust: 2.9

db: ICS CERT, id: ICSA-19-031-01

Trust: 2.9

db: SCHNEIDER, id: SEVD-2018-354-01

Trust: 2.1

db: BID, id: 106807

Trust: 2.1

db: JVNDB, id: JVNDB-2018-013118

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1092

Trust: 0.7

db: VULHUB, id: VHN-137833

Trust: 0.1

db: VULMON, id: CVE-2018-7801

Trust: 0.1

sources: VULHUB: VHN-137833 // VULMON: CVE-2018-7801 // BID: 106807 // JVNDB: JVNDB-2018-013118 // CNNVD: CNNVD-201812-1092 // NVD: CVE-2018-7801

REFERENCES

url:http://www.securityfocus.com/bid/106807

Trust: 3.1

url:https://ics-cert.us-cert.gov/advisories/icsa-19-031-01

Trust: 3.0

url:https://www.schneider-electric.com/en/download/document/sevd-2018-354-01/

Trust: 2.1

url:http://seclists.org/fulldisclosure/2021/jul/32

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7801

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7801

Trust: 0.8

url:https://www.schneider-electric.co.in

Trust: 0.3

url:https://download.schneider-electric.com/files?p_endoctype=software+-+release+notes&p_file_name=sevd-2018-354-01_security+notification.pdf&p_doc_ref=sevd-2018-354-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/

Trust: 0.1

sources: VULHUB: VHN-137833 // VULMON: CVE-2018-7801 // BID: 106807 // JVNDB: JVNDB-2018-013118 // CNNVD: CNNVD-201812-1092 // NVD: CVE-2018-7801

CREDITS

Vladimir Kononovich and Vyacheslav Moskvin of Positive Technologies

Trust: 0.9

sources: BID: 106807 // CNNVD: CNNVD-201812-1092

SOURCES

db: VULHUB, id: VHN-137833
db: VULMON, id: CVE-2018-7801
db: BID, id: 106807
db: JVNDB, id: JVNDB-2018-013118
db: CNNVD, id: CNNVD-201812-1092
db: NVD, id: CVE-2018-7801

LAST UPDATE DATE

2024-11-23T21:50:54.429000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-137833, date: 2023-02-01T00:00:00
db: VULMON, id: CVE-2018-7801, date: 2021-07-14T00:00:00
db: BID, id: 106807, date: 2019-01-31T00:00:00
db: JVNDB, id: JVNDB-2018-013118, date: 2019-02-14T00:00:00
db: CNNVD, id: CNNVD-201812-1092, date: 2023-02-02T00:00:00
db: NVD, id: CVE-2018-7801, date: 2024-11-21T04:12:45.690

SOURCES RELEASE DATE

db: VULHUB, id: VHN-137833, date: 2018-12-24T00:00:00
db: VULMON, id: CVE-2018-7801, date: 2018-12-24T00:00:00
db: BID, id: 106807, date: 2019-01-31T00:00:00
db: JVNDB, id: JVNDB-2018-013118, date: 2019-02-14T00:00:00
db: CNNVD, id: CNNVD-201812-1092, date: 2018-12-25T00:00:00
db: NVD, id: CVE-2018-7801, date: 2018-12-24T16:29:00.780