CVE-2018-6020 - OpenCVE

In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Silextechnology	Geh-500 Geh-500 Firmware Geh-sd-320an Geh-sd-320an Firmware Sd-320an Sd-320an Firmware Sx-500 Sx-500 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:silextechnology:sd-320an_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:silextechnology:sd-320an:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:silextechnology:geh-sd-320an_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:silextechnology:geh-sd-320an:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:silextechnology:geh-500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:silextechnology:geh-500:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:silextechnology:sx-500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:silextechnology:sx-500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-05-09T21:00:00Z

Updated: 2024-09-17T02:12:11.563Z

Reserved: 2018-01-22T00:00:00

Link: CVE-2018-6020

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-09T21:29:00.213

Modified: 2018-06-13T14:14:16.177

Link: CVE-2018-6020

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-09T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2018-05-07T00:00:00", "ID": "CVE-2018-6020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:54:51.311Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6020", "datePublished": "2018-05-09T21:00:00Z", "dateReserved": "2018-01-22T00:00:00", "dateUpdated": "2024-09-17T02:12:11.563Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silextechnology:sd-320an_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "90DC4B80-ED83-4243-BD3C-DFE5919E9FBE", "versionEndIncluding": "2.01", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silextechnology:sd-320an:-:*:*:*:*:*:*:*", "matchCriteriaId": "F7F9B29F-6092-4E06-AF34-0EE7F7A162D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silextechnology:geh-sd-320an_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35EA07A6-B304-428E-ABCE-D5DF175EC23F", "versionEndIncluding": "geh-1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silextechnology:geh-sd-320an:-:*:*:*:*:*:*:*", "matchCriteriaId": "18DC87D4-F185-4BCB-81DF-E0825C67DABD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silextechnology:geh-500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B61A0766-3653-431A-B2ED-B8CB1364B9B9", "versionEndIncluding": "1.54", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silextechnology:geh-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F1F4623-E124-4230-9ED1-1794BB03FE34", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:silextechnology:sx-500_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9AB171F-A089-4BE6-88C7-CDBEE2EB0877", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:silextechnology:sx-500:-:*:*:*:*:*:*:*", "matchCriteriaId": "78B1C26A-3B1E-45FF-9A76-9E50E6CC61D2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings."}, {"lang": "es", "value": "En Silex SX-500 en todas las versiones y en GE MobileLink(GEH-500) en versiones 1.54 y anteriores, la autenticaci\u00f3n no se verifica cuando se realizan ciertas peticiones POST, lo que podr\u00eda permitir que los atacantes modifiquen opciones del sistema."}], "id": "CVE-2018-6020", "lastModified": "2018-06-13T14:14:16.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-09T21:29:00.213", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}