Sign-up

ID

VAR-201809-0150


CVE

CVE-2018-14809


TITLE

Fuji Electric V-Server VPR Memory Error Reference Vulnerability

Trust: 0.8

sources: IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // CNVD: CNVD-2018-19868

DESCRIPTION

Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of a VPR file. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the process. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan

Trust: 3.69

sources: NVD: CVE-2018-14809 // JVNDB: JVNDB-2018-010413 // ZDI: ZDI-18-1019 // ZDI: ZDI-18-1010 // CNVD: CNVD-2018-19868 // IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // VULHUB: VHN-125005

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // CNVD: CNVD-2018-19868

AFFECTED PRODUCTS

vendor:fuji electricmodel:v-serverscope: - version: -

Trust: 1.4

vendor:fujielectricmodel:v-serverscope:lteversion:4.0.3.0

Trust: 1.0

vendor:fuji electricmodel:v-serverscope:lteversion:4.0.3.0

Trust: 0.8

vendor:fujimodel:electric v-server vprscope:lteversion:<=4.0.3.0

Trust: 0.6

vendor:fujielectricmodel:v-serverscope:eqversion:4.0.3.0

Trust: 0.6

vendor:v servermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // ZDI: ZDI-18-1019 // ZDI: ZDI-18-1010 // CNVD: CNVD-2018-19868 // JVNDB: JVNDB-2018-010413 // CNNVD: CNNVD-201809-576 // NVD: CVE-2018-14809

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2018-14809
value: MEDIUM

Trust: 1.4

nvd@nist.gov: CVE-2018-14809
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14809
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-19868
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-576
value: CRITICAL

Trust: 0.6

IVD: 7d85b770-463f-11e9-a599-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-125005
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14809
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2018-14809
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.4

CNVD: CNVD-2018-19868
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d85b770-463f-11e9-a599-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-125005
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14809
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // ZDI: ZDI-18-1019 // ZDI: ZDI-18-1010 // CNVD: CNVD-2018-19868 // VULHUB: VHN-125005 // JVNDB: JVNDB-2018-010413 // CNNVD: CNNVD-201809-576 // NVD: CVE-2018-14809

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-125005 // JVNDB: JVNDB-2018-010413 // NVD: CVE-2018-14809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-576

TYPE

Resource management error

Trust: 0.8

sources: IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // CNNVD: CNNVD-201809-576

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-010413

PATCH
title:Fuji Electric has issued an update to correct this vulnerability.url:https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01
Trust: 1.4
title:トップページurl:https://www.fujielectric.co.jp/
Trust: 0.8
title:Fuji Electric V-Server VPR Memory Error Reference Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/141099
Trust: 0.6
title:Fuji Electric V-Server VPR Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84843
Trust: 0.6
sources:
            
            
            ZDI: ZDI-18-1019 // 
            
            
            
            ZDI: ZDI-18-1010 // 
            
            
            
            CNVD: CNVD-2018-19868 // 
            
            
            
            JVNDB: JVNDB-2018-010413 // 
            
            
            
            CNNVD: CNNVD-201809-576

EXTERNAL IDS
db:NVDid:CVE-2018-14809
Trust: 4.7
db:ICS CERTid:ICSA-18-254-01
Trust: 2.5
db:CNNVDid:CNNVD-201809-576
Trust: 0.9
db:CNVDid:CNVD-2018-19868
Trust: 0.8
db:JVNDBid:JVNDB-2018-010413
Trust: 0.8
db:ZDI_CANid:ZDI-CAN-5885
Trust: 0.7
db:ZDIid:ZDI-18-1019
Trust: 0.7
db:ZDI_CANid:ZDI-CAN-5877
Trust: 0.7
db:ZDIid:ZDI-18-1010
Trust: 0.7
db:IVDid:7D85B770-463F-11E9-A599-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-125005
Trust: 0.1
sources:
            
            
            IVD: 7d85b770-463f-11e9-a599-000c29342cb1 // 
            
            
            
            ZDI: ZDI-18-1019 // 
            
            
            
            ZDI: ZDI-18-1010 // 
            
            
            
            CNVD: CNVD-2018-19868 // 
            
            
            
            VULHUB: VHN-125005 // 
            
            
            
            JVNDB: JVNDB-2018-010413 // 
            
            
            
            CNNVD: CNNVD-201809-576 // 
            
            
            
            NVD: CVE-2018-14809

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-254-01
Trust: 3.9
url:https://nvd.nist.gov/vuln/detail/cve-2018-14809
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14809
Trust: 0.8
sources:
            
            
            ZDI: ZDI-18-1019 // 
            
            
            
            ZDI: ZDI-18-1010 // 
            
            
            
            CNVD: CNVD-2018-19868 // 
            
            
            
            VULHUB: VHN-125005 // 
            
            
            
            JVNDB: JVNDB-2018-010413 // 
            
            
            
            CNNVD: CNNVD-201809-576 // 
            
            
            
            NVD: CVE-2018-14809

CREDITS
Steven Seeley (mr_me) of Source Incite
Trust: 1.4
sources:
            
            
            ZDI: ZDI-18-1019 // 
            
            
            
            ZDI: ZDI-18-1010

SOURCES
db:IVDid:7d85b770-463f-11e9-a599-000c29342cb1
db:ZDIid:ZDI-18-1019
db:ZDIid:ZDI-18-1010
db:CNVDid:CNVD-2018-19868
db:VULHUBid:VHN-125005
db:JVNDBid:JVNDB-2018-010413
db:CNNVDid:CNNVD-201809-576
db:NVDid:CVE-2018-14809

LAST UPDATE DATE
2024-11-23T21:38:24.046000+00:00

SOURCES UPDATE DATE
db:ZDIid:ZDI-18-1019date:2018-09-12T00:00:00
db:ZDIid:ZDI-18-1010date:2018-09-12T00:00:00
db:CNVDid:CNVD-2018-19868date:2019-01-23T00:00:00
db:VULHUBid:VHN-125005date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-010413date:2018-12-13T00:00:00
db:CNNVDid:CNNVD-201809-576date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14809date:2024-11-21T03:49:50.547

SOURCES RELEASE DATE
db:IVDid:7d85b770-463f-11e9-a599-000c29342cb1date:2018-09-27T00:00:00
db:ZDIid:ZDI-18-1019date:2018-09-12T00:00:00
db:ZDIid:ZDI-18-1010date:2018-09-12T00:00:00
db:CNVDid:CNVD-2018-19868date:2018-09-27T00:00:00
db:VULHUBid:VHN-125005date:2018-09-26T00:00:00
db:JVNDBid:JVNDB-2018-010413date:2018-12-13T00:00:00
db:CNNVDid:CNNVD-201809-576date:2018-09-13T00:00:00
db:NVDid:CVE-2018-14809date:2018-09-26T20:29:00.293