CVE-2018-13801

Published: Oct 10, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.

Affected (1)

Products: Siemens: Rox Ii Firmware

1 product

Rox Ii Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Rox Ii Firmware	Before 2.12.1

Running on/with	Platform Versions
Siemens Rox Ii	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

http://www.securityfocus.com/bid/105545

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Source: productcert@siemens.com

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03

Source: productcert@siemens.com

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/105545

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.