Details of VAR-201812-0854

ID

VAR-201812-0854

CVE

CVE-2018-7837

TITLE

IIoT Monitor In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-014136

DESCRIPTION

An Improper Restriction of XML External Entity Reference ('XXE') vulnerability exists on numerous methods of the IIoT Monitor 3.1.38 software that could allow the software to resolve documents outside of the intended sphere of control, causing the software to embed incorrect documents into its output and expose restricted information. IIoT Monitor Is XML An external entity vulnerability exists.Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Schneider Electric IIoT Monitor. Authentication is not required to exploit this vulnerability.The specific flaw exists in the Login method of the AccountMgmt servlet. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this in conjunction with other vulnerabilities to bypass authentication on the system. Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric of France. An attacker could use this vulnerability to obtain restricted information. A directory-traversal vulnerability 2. An arbitrary file-upload vulnerability 3. An XML External Entity injection vulnerability An attacker can exploit these issues to gain access to arbitrary files, upload and execute arbitrary files to the affected computer and gain access to sensitive information

Trust: 6.75

sources: NVD: CVE-2018-7837 // JVNDB: JVNDB-2018-014136 // ZDI: ZDI-19-026 // ZDI: ZDI-19-025 // ZDI: ZDI-19-028 // ZDI: ZDI-19-024 // ZDI: ZDI-19-023 // ZDI: ZDI-19-027 // CNVD: CNVD-2019-03465 // CNNVD: CNNVD-201812-1097 // BID: 106484

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-03465

AFFECTED PRODUCTS

vendor:	schneider electric	model:	iiot monitor	scope:	-	version:	-	Trust: 4.2
vendor:	schneider electric	model:	iiot monitor	scope:	eq	version:	3.1.38	Trust: 1.1
vendor:	schneider electric	model:	iiot monior	scope:	eq	version:	3.1.38	Trust: 1.0
vendor:	schneider	model:	electric iiot monitor	scope:	eq	version:	3.1.38	Trust: 0.6
vendor:	schneider electric	model:	iiot monitor	scope:	eq	version:	0	Trust: 0.3

sources: ZDI: ZDI-19-026 // ZDI: ZDI-19-025 // ZDI: ZDI-19-028 // ZDI: ZDI-19-024 // ZDI: ZDI-19-023 // ZDI: ZDI-19-027 // CNVD: CNVD-2019-03465 // BID: 106484 // JVNDB: JVNDB-2018-014136 // NVD: CVE-2018-7837

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2018-7837
value:	HIGH
Trust: 4.2
nvd@nist.gov:	CVE-2018-7837
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7837
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-03465
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201812-1097
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-7837
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-03465
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

ZDI:	CVE-2018-7837
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 4.2
nvd@nist.gov:	CVE-2018-7837
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: ZDI: ZDI-19-026 // ZDI: ZDI-19-025 // ZDI: ZDI-19-028 // ZDI: ZDI-19-024 // ZDI: ZDI-19-023 // ZDI: ZDI-19-027 // CNVD: CNVD-2019-03465 // JVNDB: JVNDB-2018-014136 // CNNVD: CNNVD-201812-1097 // NVD: CVE-2018-7837

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.8

sources: JVNDB: JVNDB-2018-014136 // NVD: CVE-2018-7837

THREAT TYPE

network

Trust: 0.3

sources: BID: 106484

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201812-1097

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014136

PATCH

title:	Schneider Electric has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-19-008-02	Trust: 4.2
title:	SEVD-2018-354-03	url:	https://www.schneider-electric.com/en/download/document/SEVD-2018-354-03/	Trust: 0.8
title:	Patch for IIoTMonitorXML External Entity Injection Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/152475	Trust: 0.6
title:	Schneider Electric IIoT Monitor Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88170	Trust: 0.6

sources: ZDI: ZDI-19-026 // ZDI: ZDI-19-025 // ZDI: ZDI-19-028 // ZDI: ZDI-19-024 // ZDI: ZDI-19-023 // ZDI: ZDI-19-027 // CNVD: CNVD-2019-03465 // JVNDB: JVNDB-2018-014136 // CNNVD: CNNVD-201812-1097

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7837	Trust: 7.5
db:	BID	id:	106484	Trust: 1.9
db:	SCHNEIDER	id:	SEVD-2018-354-03	Trust: 1.6
db:	ICS CERT	id:	ICSA-19-008-02	Trust: 1.1
db:	JVNDB	id:	JVNDB-2018-014136	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-7126	Trust: 0.7
db:	ZDI	id:	ZDI-19-026	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7125	Trust: 0.7
db:	ZDI	id:	ZDI-19-025	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7133	Trust: 0.7
db:	ZDI	id:	ZDI-19-028	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7124	Trust: 0.7
db:	ZDI	id:	ZDI-19-024	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7123	Trust: 0.7
db:	ZDI	id:	ZDI-19-023	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-7127	Trust: 0.7
db:	ZDI	id:	ZDI-19-027	Trust: 0.7
db:	CNVD	id:	CNVD-2019-03465	Trust: 0.6
db:	CNNVD	id:	CNNVD-201812-1097	Trust: 0.6

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-008-02	Trust: 5.3
url:	https://www.schneider-electric.com/en/download/document/sevd-2018-354-03/	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7837	Trust: 1.4
url:	http://www.securityfocus.com/bid/106484	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7837	Trust: 0.8
url:	www.controlmicrosystems.com	Trust: 0.3

CREDITS

rgod of 9sg Security Team - rgod@9sgsec.com

Trust: 4.2

sources: ZDI: ZDI-19-026 // ZDI: ZDI-19-025 // ZDI: ZDI-19-028 // ZDI: ZDI-19-024 // ZDI: ZDI-19-023 // ZDI: ZDI-19-027

SOURCES

db:	ZDI	id:	ZDI-19-026
db:	ZDI	id:	ZDI-19-025
db:	ZDI	id:	ZDI-19-028
db:	ZDI	id:	ZDI-19-024
db:	ZDI	id:	ZDI-19-023
db:	ZDI	id:	ZDI-19-027
db:	CNVD	id:	CNVD-2019-03465
db:	BID	id:	106484
db:	JVNDB	id:	JVNDB-2018-014136
db:	CNNVD	id:	CNNVD-201812-1097
db:	NVD	id:	CVE-2018-7837

LAST UPDATE DATE

2024-11-23T22:17:10.579000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-19-026	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-025	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-028	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-024	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-023	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-027	date:	2019-01-14T00:00:00
db:	CNVD	id:	CNVD-2019-03465	date:	2019-01-31T00:00:00
db:	BID	id:	106484	date:	2019-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014136	date:	2019-03-25T00:00:00
db:	CNNVD	id:	CNNVD-201812-1097	date:	2019-02-11T00:00:00
db:	NVD	id:	CVE-2018-7837	date:	2024-11-21T04:12:51.130

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-19-026	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-025	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-028	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-024	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-023	date:	2019-01-14T00:00:00
db:	ZDI	id:	ZDI-19-027	date:	2019-01-14T00:00:00
db:	CNVD	id:	CNVD-2019-03465	date:	2019-01-31T00:00:00
db:	BID	id:	106484	date:	2019-01-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014136	date:	2019-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201812-1097	date:	2018-12-25T00:00:00
db:	NVD	id:	CVE-2018-7837	date:	2018-12-24T16:29:00.983