Details of VAR-201903-1173

ID

VAR-201903-1173

CVE

CVE-2018-19016

TITLE

Rockwell Automation EtherNet/IP Web Server module 1756-EWEB and CompactLogix 1768-EWEB Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015152

DESCRIPTION

Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. An attacker can exploit this issue to cause denial-of-service condition. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Trust: 1.98

sources: NVD: CVE-2018-19016 // JVNDB: JVNDB-2018-015152 // BID: 106856 // VULHUB: VHN-129633

AFFECTED PRODUCTS

vendor:	rockwellautomation	model:	ethernet\/ip web server module 1756-eweb	scope:	lte	version:	5.001	Trust: 1.0
vendor:	rockwellautomation	model:	ethernet\/ip web server module 1768-eweb	scope:	lte	version:	2.005	Trust: 1.0
vendor:	rockwell automation	model:	ethernet/ip web server module 1756-eweb	scope:	lte	version:	5.001	Trust: 0.8
vendor:	rockwell automation	model:	ethernet/ip web server module 1768-eweb	scope:	lte	version:	2.005	Trust: 0.8
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	5.001	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.016	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.014	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.012	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.011	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.010	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.006	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	4.003	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	3.006	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	2.002	Trust: 0.3
vendor:	rockwall	model:	automation ethernet/ip web server module 1756-eweb	scope:	eq	version:	1.002	Trust: 0.3
vendor:	rockwall	model:	automation compactlogix ethernet/ip web server module 1768-eweb	scope:	eq	version:	2.005	Trust: 0.3
vendor:	rockwall	model:	automation compactlogix ethernet/ip web server module 1768-eweb	scope:	eq	version:	2.001	Trust: 0.3
vendor:	rockwall	model:	automation compactlogix ethernet/ip web server module 1768-eweb	scope:	eq	version:	1.002	Trust: 0.3

sources: BID: 106856 // JVNDB: JVNDB-2018-015152 // NVD: CVE-2018-19016

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19016
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19016
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201902-270
value:	HIGH
Trust: 0.6
VULHUB:	VHN-129633
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-19016
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-129633
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19016
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-129633 // JVNDB: JVNDB-2018-015152 // CNNVD: CNNVD-201902-270 // NVD: CVE-2018-19016

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-129633 // JVNDB: JVNDB-2018-015152 // NVD: CVE-2018-19016

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-270

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201902-270

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015152

PATCH

title:

Top Page

url:

https://www.rockwellautomation.com/global/overview.page

Trust: 0.8

sources: JVNDB: JVNDB-2018-015152

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-19-036-02	Trust: 2.8
db:	NVD	id:	CVE-2018-19016	Trust: 2.8
db:	BID	id:	106856	Trust: 1.0
db:	JVNDB	id:	JVNDB-2018-015152	Trust: 0.8
db:	CNNVD	id:	CNNVD-201902-270	Trust: 0.7
db:	TENABLE	id:	TRA-2019-06	Trust: 0.3
db:	SEEBUG	id:	SSVID-98800	Trust: 0.1
db:	VULHUB	id:	VHN-129633	Trust: 0.1

sources: VULHUB: VHN-129633 // BID: 106856 // JVNDB: JVNDB-2018-015152 // CNNVD: CNNVD-201902-270 // NVD: CVE-2018-19016

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-19-036-02	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19016	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19016	Trust: 0.8
url:	http://www.securityfocus.com/bid/106856	Trust: 0.6
url:	http://www.rockwellautomation.com/	Trust: 0.3
url:	https://compatibility.rockwellautomation.com/pages/multiproductdownload.aspx?crumb=112	Trust: 0.3
url:	https://www.tenable.com/security/research/tra-2019-06	Trust: 0.3

sources: VULHUB: VHN-129633 // BID: 106856 // JVNDB: JVNDB-2018-015152 // CNNVD: CNNVD-201902-270 // NVD: CVE-2018-19016

CREDITS

Kyle Kelley, Dan Coppock,Rockwell Automation, John Lampe, Cesar Navas, Aaron Luft, Iain Kyte, Aleks McKinney, Stephen Baronowsky, Stephen Junck, Ron Erdman, Ben Smith, Dimitriy Dade, Scott Clement and Tenable.

Trust: 0.6

sources: CNNVD: CNNVD-201902-270

SOURCES

db:	VULHUB	id:	VHN-129633
db:	BID	id:	106856
db:	JVNDB	id:	JVNDB-2018-015152
db:	CNNVD	id:	CNNVD-201902-270
db:	NVD	id:	CVE-2018-19016

LAST UPDATE DATE

2024-11-23T23:01:51.989000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-129633	date:	2019-10-09T00:00:00
db:	BID	id:	106856	date:	2019-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-015152	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201902-270	date:	2019-10-10T00:00:00
db:	NVD	id:	CVE-2018-19016	date:	2024-11-21T03:57:10.353

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-129633	date:	2019-03-27T00:00:00
db:	BID	id:	106856	date:	2019-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-015152	date:	2019-05-07T00:00:00
db:	CNNVD	id:	CNNVD-201902-270	date:	2019-02-05T00:00:00
db:	NVD	id:	CVE-2018-19016	date:	2019-03-27T18:29:00.443