Privilege escalation in PEPPERL+FUCHS CT50-Ex



Published: 2018-10-31
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-14825
CWE-ID CWE-269
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		CT50-Ex
Hardware solutions / Firmware

Vendor PEPPERL+FUCHS

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Privilege escalation

EUVDB-ID: #VU15585

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14825

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to improper privilege management. A remote unauthenticated attacker with advanced knowledge of the target system can create an application that would bind to the service, gain elevated system privileges and obtain access to keystrokes, passwords, personally identifiable information, photos, emails, or business-critical documents.

Mitigation

Install update from vendor's website.

Vulnerable software versions

CT50-Ex: All versions

External links

http://ics-cert.us-cert.gov/advisories/ICSA-18-303-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###