CVE-2018-14790

Published Oct 1, 2018

Last updated 5 years ago

CVSS critical 9.8

Overview

Description: Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. A buffer over-read vulnerability may allow remote code execution on the device.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-125
ics-cert@hq.dhs.gov: CWE-126

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fujielectric:frenic_loader_3.3_firmware:7.3.4.1a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "047DAA36-D21F-4563-8C57-9829048BBAA3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-ace:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E9D4C166-2E13-45FF-A2FD-410D36DE3DAF"
          },
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-eco:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ECB1557C-2F2E-41BF-B288-02694D7170CB"
          },
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-mega:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B895CAB3-FE3A-4B4C-BC57-764D153461DF"
          },
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-mini\\(c1\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E4E0156F-6435-4DE6-97E0-E7E9D85621DD"
          },
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-mini\\(c2\\):-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "858682FA-3073-410B-9BE7-FFA77D9753C0"
          },
          {
            "criteria": "cpe:2.3:h:fujielectric:frenic-multi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FA31A696-5425-47CB-84EB-527FEEA86CC9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References