Authentication bypass vulnerabilities in GAIN Electronic SAGA1-L



Published: 2018-10-24
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-17903, CVE-2018-20783, CVE-2018-17923
CWE-ID: CWE-294, CWE-284, CWE-287
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
SAGA1-L
Hardware solutions / Firmware

Vendor GAIN Electronic

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Authentication bypass

EUVDB-ID: #VU15508

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17903

CWE-ID: CWE-294 - Authentication Bypass by Capture-replay

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to authentication bypass by capture-replay. An adjacent attacker can conduct a replay attack and forge any commands.

Mitigation

Update to version A0.10.

Vulnerable software versions

SAGA1-L: All versions

SAGA1-L: before

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-296-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper access control

EUVDB-ID: #VU15509

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20783

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to improper access control. An adjacent attacker can force-pair the device without human interaction.

Mitigation

Update to version A0.10.

Vulnerable software versions

SAGA1-L: All versions

SAGA1-L: before

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-296-02


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper authentication

EUVDB-ID: #VU15510

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17923

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a physical attacker to bypass authentication on the target system.

The vulnerability exists due to improper access control. An attacker with physical access to the product can reprogram it.

Mitigation

Update to version A0.10.

Vulnerable software versions

SAGA1-L: All versions

SAGA1-L: before

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-296-02


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


