Details of VAR-201809-0154

ID

VAR-201809-0154

CVE

CVE-2018-14817

TITLE

Fuji Electric V-Server Integer Overflow Vulnerability

Trust: 0.8

sources: IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // CNVD: CNVD-2018-20784

DESCRIPTION

Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution. Fuji Electric V-Server VPR is a data collection software from Fuji Electric of Japan. A remote attacker could exploit the vulnerability to execute code. Fuji Electric V-Server is prone to multiple security vulnerabilities: 1. A use-after-free vulnerability 2. Multiple untrusted pointer dereference remote code-execution vulnerabilities 3. A heap-based buffer overflow vulnerability 4. Multiple out-of-bounds write vulnerabilities 5. An integer underflow vulnerability 6. An out-of-bounds read vulnerability 7. V-Server 4.0.3.0 and prior are vulnerable

Trust: 2.7

sources: NVD: CVE-2018-14817 // JVNDB: JVNDB-2018-010417 // CNVD: CNVD-2018-20784 // BID: 105341 // IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // VULHUB: VHN-125014

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // CNVD: CNVD-2018-20784

AFFECTED PRODUCTS

vendor:	fujielectric	model:	v-server	scope:	lte	version:	4.0.3.0	Trust: 1.0
vendor:	fuji electric	model:	v-server	scope:	lte	version:	4.0.3.0	Trust: 0.8
vendor:	fuji	model:	electric v-server vpr	scope:	lte	version:	<=4.0.3.0	Trust: 0.6
vendor:	fujielectric	model:	v-server	scope:	eq	version:	4.0.3.0	Trust: 0.6
vendor:	fuji	model:	electric v-server	scope:	eq	version:	4.0.3.0	Trust: 0.3
vendor:	fuji	model:	electric v-server	scope:	eq	version:	4.0.1.0	Trust: 0.3
vendor:	fuji	model:	electric v-server	scope:	eq	version:	4.0.0.0	Trust: 0.3
vendor:	fuji	model:	electric v-server	scope:	eq	version:	3.3.22.0	Trust: 0.3
vendor:	fuji	model:	electric v-server	scope:	ne	version:	4.0.4.0	Trust: 0.3
vendor:	v server	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // CNVD: CNVD-2018-20784 // BID: 105341 // JVNDB: JVNDB-2018-010417 // CNNVD: CNNVD-201809-580 // NVD: CVE-2018-14817

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14817
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-14817
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-20784
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201809-580
value:	CRITICAL
Trust: 0.6
IVD:	e2fd6940-39ab-11e9-8108-000c29342cb1
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-125014
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14817
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-20784
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2fd6940-39ab-11e9-8108-000c29342cb1
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-125014
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14817
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // CNVD: CNVD-2018-20784 // VULHUB: VHN-125014 // JVNDB: JVNDB-2018-010417 // CNNVD: CNNVD-201809-580 // NVD: CVE-2018-14817

PROBLEMTYPE DATA

problemtype:

CWE-191

Trust: 1.9

sources: VULHUB: VHN-125014 // JVNDB: JVNDB-2018-010417 // NVD: CVE-2018-14817

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-580

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201809-580

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010417

PATCH

title:	トップページ	url:	https://www.fujielectric.co.jp/	Trust: 0.8
title:	Patch for Fuji Electric V-Server Integer Overflow Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/142217	Trust: 0.6
title:	Fuji Electric V-Server VPR Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84847	Trust: 0.6

sources: CNVD: CNVD-2018-20784 // JVNDB: JVNDB-2018-010417 // CNNVD: CNNVD-201809-580

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14817	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-254-01	Trust: 2.8
db:	BID	id:	105341	Trust: 2.6
db:	CNNVD	id:	CNNVD-201809-580	Trust: 0.9
db:	CNVD	id:	CNVD-2018-20784	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-010417	Trust: 0.8
db:	IVD	id:	E2FD6940-39AB-11E9-8108-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-125014	Trust: 0.1

sources: IVD: e2fd6940-39ab-11e9-8108-000c29342cb1 // CNVD: CNVD-2018-20784 // VULHUB: VHN-125014 // BID: 105341 // JVNDB: JVNDB-2018-010417 // CNNVD: CNNVD-201809-580 // NVD: CVE-2018-14817

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-254-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/105341	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14817	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14817	Trust: 0.8
url:	http://www.fujielectric.com/	Trust: 0.3

sources: CNVD: CNVD-2018-20784 // VULHUB: VHN-125014 // BID: 105341 // JVNDB: JVNDB-2018-010417 // CNNVD: CNNVD-201809-580 // NVD: CVE-2018-14817

CREDITS

Steven Seeley (mr_me) of Source Incite and Ghirmay Desta working with Trend Micro??s Zero Day Initiative

Trust: 0.3

sources: BID: 105341

SOURCES

db:	IVD	id:	e2fd6940-39ab-11e9-8108-000c29342cb1
db:	CNVD	id:	CNVD-2018-20784
db:	VULHUB	id:	VHN-125014
db:	BID	id:	105341
db:	JVNDB	id:	JVNDB-2018-010417
db:	CNNVD	id:	CNNVD-201809-580
db:	NVD	id:	CVE-2018-14817

LAST UPDATE DATE

2024-11-23T21:38:23.896000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-20784	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-125014	date:	2019-10-09T00:00:00
db:	BID	id:	105341	date:	2018-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-010417	date:	2018-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201809-580	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-14817	date:	2024-11-21T03:49:51.510

SOURCES RELEASE DATE

db:	IVD	id:	e2fd6940-39ab-11e9-8108-000c29342cb1	date:	2018-10-12T00:00:00
db:	CNVD	id:	CNVD-2018-20784	date:	2018-10-12T00:00:00
db:	VULHUB	id:	VHN-125014	date:	2018-09-26T00:00:00
db:	BID	id:	105341	date:	2018-09-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-010417	date:	2018-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201809-580	date:	2018-09-13T00:00:00
db:	NVD	id:	CVE-2018-14817	date:	2018-09-26T20:29:00.747