CVE-2018-8858

Published: Oct 30, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.

Affected (2)

Products: Vecna: Vgo Firmware

Vecna

1 product

Vgo Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vecna Vgo Firmware	Up to 3.0.3.52164
Vecna Vgo Firmware	Version 3.0.3.53662

Running on/with	Platform Versions
Vecna Vgo	All versions

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.