4.8

CVE-2018-17925

EPSS 0.06%
Veröffentlicht 10.10.2018 17:29:04
Zuletzt bearbeitet 21.11.2024 03:55:13
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ge ≫ Ifix Version >= 2.0 <= 5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.14

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.3	3.4	CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-623 Unsafe ActiveX Control Marked Safe For Scripting

An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting.

http://www.securityfocus.com/bid/105540

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-17925

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17925

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17925

EUVD