CVE-2018-17926

Опубликовано: 31 янв. 2019

Источник: nvd

CVSS3: 4.3

CVSS2: 3.3

EPSS Низкий

Описание

The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.

Ссылки

http://www.securityfocus.com/bid/106243
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-07
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/106243
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-07
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:abb:eth-fw_firmware:*:*:*:*:*:*:*:*

Версия до 1.01 (включая)

cpe:2.3:o:abb:fw_firmware:*:*:*:*:*:*:*:*

Версия до 2.22 (включая)

cpe:2.3:h:abb:m2m_ethernet:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

4.3 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-6xpc-mqmq-w9x7