CVE-2018-7793 - OpenCVE

A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Foxboro Dcs Foxboro Evo Foxview Ia Series

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:foxboro_dcs::::::::
	cpe:2.3:a:schneider-electric:foxboro_evo::::::::
	cpe:2.3:a:schneider-electric:foxview:10.5:::::::*
	cpe:2.3:a:schneider-electric:ia_series::::::::

No data.

References

Link	Providers
https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2018-12-24T16:00:00

Updated: 2024-08-05T06:37:59.019Z

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7793

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-12-24T16:29:00.640

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7793

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)", "vendor": "Schneider Electric SE", "versions": [{"status": "affected", "version": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)"}]}], "datePublic": "2018-12-24T00:00:00", "descriptions": [{"lang": "en", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}], "problemTypes": [{"descriptions": [{"description": "Credential Management", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-12-24T15:57:01", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)", "version": {"version_data": [{"version_value": "FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.)"}]}}]}, "vendor_name": "Schneider Electric SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Credential Management"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/", "refsource": "CONFIRM", "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.019Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7793", "datePublished": "2018-12-24T16:00:00", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.019Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:foxboro_dcs:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBD743B7-7CED-46B6-9ECD-0C082BD8F5DB", "versionEndExcluding": "ccs_9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:foxboro_evo:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE0621CA-DEB5-46C6-8F6C-EABA5DA04DFE", "versionEndExcluding": "ccs_9.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:foxview:10.5:*:*:*:*:*:*:*", "matchCriteriaId": "875225C7-6546-41BB-96DB-450F5C99494E", "vulnerable": true}, {"criteria": "cpe:2.3:a:schneider-electric:ia_series:*:*:*:*:*:*:*:*", "matchCriteriaId": "9EDC2A27-E072-4D61-9A35-714571A3E9A1", "versionEndExcluding": "ccs_9.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Credential Management vulnerability exists in FoxView HMI SCADA (All Foxboro DCS, Foxboro Evo, and IA Series versions prior to Foxboro DCS Control Core Services 9.4 (CCS 9.4) and FoxView 10.5.) which could cause unauthorized disclosure, modification, or disruption in service when the password is modified without permission."}, {"lang": "es", "value": "Existe una vulnerabilidad de gesti\u00f3n de credenciales en FoxView HMI SCADA (todas las versiones de Foxboro DCS, Foxboro Evo e IA Series anteriores a Foxboro DCS Control Core Services 9.4 (CCS 9.4) y FoxView 10.5.) que podr\u00eda permitir la divulgaci\u00f3n, modificaci\u00f3n o interrupci\u00f3n no autorizada del servicio cuando se modifica la contrase\u00f1a sin permiso."}], "id": "CVE-2018-7793", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-24T16:29:00.640", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-353-03/"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}