8.8

CVE-2018-17933

EPSS 0.29%
Veröffentlicht 30.10.2018 21:29:01
Zuletzt bearbeitet 21.11.2024 03:55:14
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vecna ≫ Vgo Firmware Version3.0.3.52164

Vecna ≫ Vgo Version-

Vecna ≫ Vgo Firmware Version3.0.3.53662

Vecna ≫ Vgo Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.493

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-17933

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-17933

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-17933

EUVD