CVE-2018-6020

Published: May 9, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.

Affected (4)

Products: Silextechnology: Sd 320an Firmware, Geh Sd 320an Firmware, Geh 500 Firmware, Sx 500 Firmware

Silextechnology

4 products

Sd 320an Firmware

Geh Sd 320an Firmware

Geh 500 Firmware

Sx 500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silextechnology Sd 320an Firmware	Up to 2.01

Running on/with	Platform Versions
Silextechnology Sd 320an	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silextechnology Geh Sd 320an Firmware	Up to geh-1.1

Running on/with	Platform Versions
Silextechnology Geh Sd 320an	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silextechnology Geh 500 Firmware	Up to 1.54

Running on/with	Platform Versions
Silextechnology Geh 500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Silextechnology Sx 500 Firmware	All versions

Running on/with	Platform Versions
Silextechnology Sx 500	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.