ID

VAR-201812-0847


CVE

CVE-2018-7802


TITLE

SQL Injection vulnerability in EVLink Parking

Trust: 0.8

sources: JVNDB: JVNDB-2018-013119

DESCRIPTION

A SQL Injection vulnerability exists in EVLink Parking, v3.2.0-12_v1 and earlier, which could give access to the web interface with full privileges. Schneider Electric EVLink Parking is prone to multiple security vulnerabilities. An attacker can leverage these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, inject code, execute arbitrary code, or gain access to the affected system. EVLink Parking versions 3.2.0-12_v1 and prior are vulnerable.

Trust: 2.07

sources: NVD: CVE-2018-7802 // JVNDB: JVNDB-2018-013119 // BID: 106807 // VULHUB: VHN-137834 // VULMON: CVE-2018-7802

AFFECTED PRODUCTS

vendor: schneider electric, model: evlink parking, scope: lte, version: 3.2.0-12

Trust: 1.0

vendor: schneider electric, model: evlink parking, scope: lte, version: 3.2.0-12_v1

Trust: 0.8

vendor: schneider electric, model: evlink parking, scope: eq, version: 3.2.0-12

Trust: 0.6

vendor: schneider electric, model: evlink parking 3.2.0-12 v1, scope: -, version: -

Trust: 0.3

sources: BID: 106807 // JVNDB: JVNDB-2018-013119 // CNNVD: CNNVD-201812-1093 // NVD: CVE-2018-7802

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-7802
value: HIGH

Trust: 1.0

NVD: CVE-2018-7802
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201812-1093
value: HIGH

Trust: 0.6

VULHUB: VHN-137834
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-7802
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-7802
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-137834
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-7802
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-137834 // VULMON: CVE-2018-7802 // JVNDB: JVNDB-2018-013119 // CNNVD: CNNVD-201812-1093 // NVD: CVE-2018-7802

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

sources: VULHUB: VHN-137834 // JVNDB: JVNDB-2018-013119 // NVD: CVE-2018-7802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-1093

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-1093

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013119

PATCH

title: SEVD-2018-354-01, url: https://download.schneider-electric.com/files?p_enDocType=Software+-+Release+Notes&p_File_Name=SEVD-2018-354-01_Security+Notification.pdf&p_Doc_Ref=SEVD-2018-354-01

Trust: 0.8

title: Schneider Electric EVLink Parking SQL injection vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88166

Trust: 0.6

title: Threatpost, url: https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/

Trust: 0.1

sources: VULMON: CVE-2018-7802 // JVNDB: JVNDB-2018-013119 // CNNVD: CNNVD-201812-1093

EXTERNAL IDS

db: NVD, id: CVE-2018-7802

Trust: 2.9

db: ICS CERT, id: ICSA-19-031-01

Trust: 2.9

db: SCHNEIDER, id: SEVD-2018-354-01

Trust: 2.1

db: BID, id: 106807

Trust: 2.1

db: JVNDB, id: JVNDB-2018-013119

Trust: 0.8

db: CNNVD, id: CNNVD-201812-1093

Trust: 0.7

db: VULHUB, id: VHN-137834

Trust: 0.1

db: VULMON, id: CVE-2018-7802

Trust: 0.1

sources: VULHUB: VHN-137834 // VULMON: CVE-2018-7802 // BID: 106807 // JVNDB: JVNDB-2018-013119 // CNNVD: CNNVD-201812-1093 // NVD: CVE-2018-7802

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-19-031-01

Trust: 3.0

url:http://www.securityfocus.com/bid/106807

Trust: 2.5

url:https://www.schneider-electric.com/en/download/document/sevd-2018-354-01/

Trust: 2.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7802

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-7802

Trust: 0.8

url:https://www.schneider-electric.co.in

Trust: 0.3

url:https://download.schneider-electric.com/files?p_endoctype=software+-+release+notes&p_file_name=sevd-2018-354-01_security+notification.pdf&p_doc_ref=sevd-2018-354-01

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/critical-bug-patched-in-schneider-electric-vehicle-charging-station/140370/

Trust: 0.1

sources: VULHUB: VHN-137834 // VULMON: CVE-2018-7802 // BID: 106807 // JVNDB: JVNDB-2018-013119 // CNNVD: CNNVD-201812-1093 // NVD: CVE-2018-7802

CREDITS

Vladimir Kononovich and Vyacheslav Moskvin of Positive Technologies

Trust: 0.9

sources: BID: 106807 // CNNVD: CNNVD-201812-1093

SOURCES

db: VULHUB, id: VHN-137834
db: VULMON, id: CVE-2018-7802
db: BID, id: 106807
db: JVNDB, id: JVNDB-2018-013119
db: CNNVD, id: CNNVD-201812-1093
db: NVD, id: CVE-2018-7802

LAST UPDATE DATE

2024-11-23T21:50:54.394000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-137834, date: 2019-02-28T00:00:00
db: VULMON, id: CVE-2018-7802, date: 2019-02-28T00:00:00
db: BID, id: 106807, date: 2019-01-31T00:00:00
db: JVNDB, id: JVNDB-2018-013119, date: 2019-02-14T00:00:00
db: CNNVD, id: CNNVD-201812-1093, date: 2019-02-26T00:00:00
db: NVD, id: CVE-2018-7802, date: 2024-11-21T04:12:45.807

SOURCES RELEASE DATE

db: VULHUB, id: VHN-137834, date: 2018-12-24T00:00:00
db: VULMON, id: CVE-2018-7802, date: 2018-12-24T00:00:00
db: BID, id: 106807, date: 2019-01-31T00:00:00
db: JVNDB, id: JVNDB-2018-013119, date: 2019-02-14T00:00:00
db: CNNVD, id: CNNVD-201812-1093, date: 2018-12-25T00:00:00
db: NVD, id: CVE-2018-7802, date: 2018-12-24T16:29:00.827