Lucene search

[email protected]CVE-2018-13798

HistoryMar 21, 2019 - 7:29 p.m.

CVE-2018-13798

2019-03-2119:29:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

2018

13798

sicam

a8000

cp-8000

cp-802x

cp-8050

v14

v2.00

dos

denial-of-service

security vulnerability

network packets

web server

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public.

Affected configurations

NVD

Node

siemenssicam_a8000_cp-8000Match-

AND

siemenssicam_a8000_cp-8000_firmwareRange<14

Node

siemenssicam_a8000_cp-802xMatch-

AND

siemenssicam_a8000_cp-802x_firmwareRange<14

Node

siemenssicam_a8000_cp-8050Match-

AND

siemenssicam_a8000_cp-8050_firmwareRange<2.00

CPENameOperatorVersion
siemens:sicam_a8000_cp-8000_firmwaresiemens sicam a8000 cp-8000 firmwarelt14

CPE	Name	Operator	Version
siemens:sicam_a8000_cp-8000_firmware	siemens sicam a8000 cp-8000 firmware	lt	14

CNA Affected

[
  {
    "product": "SICAM A8000 CP-8000, SICAM A8000 CP-802X, SICAM A8000 CP-8050",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SICAM A8000 CP-8000 : All versions < V14"
      }
    ]
  },
  {
    "product": "SICAM A8000 CP-802X",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SICAM A8000 CP-802X : All versions < V14"
      }
    ]
  },
  {
    "product": "SICAM A8000 CP-8050",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V2.00"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-579309.pdf

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVE-2018-13798

zdt1 nessus2 cvelist1 ics1 nvd1 prion1 packetstorm1