ID

VAR-201901-0481


CVE

CVE-2018-17926


TITLE

M2M ETHERNET Product Authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-014578

DESCRIPTION

The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. M2M ETHERNET Product (FW and ETH-FW) contains an authentication vulnerability. Information may be tampered with. ABB M2M ETHERNET is a network analysis device made by ABB, a Swiss company. ABB M2M ETHERNET FW 2.22 and earlier versions and ETH-FW 1.01 and earlier versions have an authorization issue vulnerability. Attackers can use this vulnerability to upload malicious language files. An attacker can exploit this issue to bypass the authentication mechanism. Successful exploits may aid in launching further attacks.

Trust: 2.52

sources: NVD: CVE-2018-17926 // JVNDB: JVNDB-2018-014578 // CNVD: CNVD-2020-28495 // BID: 106243 // VULHUB: VHN-128434

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-28495

AFFECTED PRODUCTS

vendor: abb, model: eth-fw, scope: lte, version: 1.01

Trust: 1.0

vendor: abb, model: fw, scope: lte, version: 2.22

Trust: 1.0

vendor: abb, model: eth-fw, scope: lte, version: 2.22

Trust: 0.8

vendor: abb, model: fw, scope: lte, version: 1.01

Trust: 0.8

vendor: abb, model: m2m ethernet, scope: lte, version: <=1.01

Trust: 0.6

vendor: abb, model: m2m ethernet, scope: lte, version: <=2.22

Trust: 0.6

vendor: abb, model: m2m ethernet, scope: eq, version: 2.22

Trust: 0.3

vendor: abb, model: m2m ethernet, scope: eq, version: 1.01

Trust: 0.3

sources: CNVD: CNVD-2020-28495 // BID: 106243 // JVNDB: JVNDB-2018-014578 // NVD: CVE-2018-17926

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17926
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17926
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-28495
value: LOW

Trust: 0.6

CNNVD: CNNVD-201812-784
value: MEDIUM

Trust: 0.6

VULHUB: VHN-128434
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-17926
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-28495
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-128434
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17926
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2020-28495 // VULHUB: VHN-128434 // JVNDB: JVNDB-2018-014578 // CNNVD: CNNVD-201812-784 // NVD: CVE-2018-17926

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.9

sources: VULHUB: VHN-128434 // JVNDB: JVNDB-2018-014578 // NVD: CVE-2018-17926

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201812-784

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201812-784

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014578

PATCH

title: Top Page, url: http://new.abb.com/

Trust: 0.8

title: Patch for ABB M2M ETHERNET Improper Authentication Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/217739

Trust: 0.6

title: ABB M2M ETHERNET Remediation measures for authorization problem vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87982

Trust: 0.6

sources: CNVD: CNVD-2020-28495 // JVNDB: JVNDB-2018-014578 // CNNVD: CNNVD-201812-784

EXTERNAL IDS

db: ICS CERT, id: ICSA-18-352-07

Trust: 3.4

db: NVD, id: CVE-2018-17926

Trust: 3.4

db: BID, id: 106243

Trust: 2.0

db: JVNDB, id: JVNDB-2018-014578

Trust: 0.8

db: CNVD, id: CNVD-2020-28495

Trust: 0.7

db: CNNVD, id: CNNVD-201812-784

Trust: 0.7

db: SEEBUG, id: SSVID-98835

Trust: 0.1

db: VULHUB, id: VHN-128434

Trust: 0.1

sources: CNVD: CNVD-2020-28495 // VULHUB: VHN-128434 // BID: 106243 // JVNDB: JVNDB-2018-014578 // CNNVD: CNNVD-201812-784 // NVD: CVE-2018-17926

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsa-18-352-07

Trust: 3.4

url: http://www.securityfocus.com/bid/106243

Trust: 2.3

url: https://nvd.nist.gov/vuln/detail/cve-2018-17926

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17926

Trust: 0.8

url: http://www.abb.com/

Trust: 0.3

url: https://new.abb.com/products/2csg299903r4052/m2m-ethernet-network-analyser

Trust: 0.3

url: http://search.abb.com/library/download.aspx?documentid=abbvu-epbp-r-5672&languagecode=en&documentpartid=2csg299903r4052&action=launch

Trust: 0.3

sources: CNVD: CNVD-2020-28495 // VULHUB: VHN-128434 // BID: 106243 // JVNDB: JVNDB-2018-014578 // CNNVD: CNNVD-201812-784 // NVD: CVE-2018-17926

CREDITS

Maxim Rupp (RuppIT)

Trust: 0.3

sources: BID: 106243

SOURCES

db: CNVD, id: CNVD-2020-28495
db: VULHUB, id: VHN-128434
db: BID, id: 106243
db: JVNDB, id: JVNDB-2018-014578
db: CNNVD, id: CNNVD-201812-784
db: NVD, id: CVE-2018-17926

LAST UPDATE DATE

2024-11-23T21:52:36.078000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-28495, date: 2020-05-17T00:00:00
db: VULHUB, id: VHN-128434, date: 2019-10-09T00:00:00
db: BID, id: 106243, date: 2018-12-18T00:00:00
db: JVNDB, id: JVNDB-2018-014578, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201812-784, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-17926, date: 2024-11-21T03:55:13.393

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-28495, date: 2020-05-17T00:00:00
db: VULHUB, id: VHN-128434, date: 2019-01-31T00:00:00
db: BID, id: 106243, date: 2018-12-18T00:00:00
db: JVNDB, id: JVNDB-2018-014578, date: 2019-03-28T00:00:00
db: CNNVD, id: CNNVD-201812-784, date: 2018-12-19T00:00:00
db: NVD, id: CVE-2018-17926, date: 2019-01-31T17:29:00.677