Main Vulnerability Database Vulnerabilities #VU15511

Authentication bypass in F25 Series - CVE-2018-17935

Published: October 23, 2018 / Updated: October 24, 2018

Vulnerability identifier: #VU15511

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-17935

CWE-ID: CWE-294

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Telecrane

Affected software:
F25 Series

Detailed vulnerability description

The vulnerability allows an adjacent attacker to bypass authentication on the target system.

The vulnerability exists due to use of fixed codes that are reproducible by sniffing and re-transmission. A remote unauthenticated attacker can bypass authentication to replay commands, spoof arbitrary message, or keep the controlled load in a permanent “stop” state.

How to mitigate CVE-2018-17935

Update to version 00.0A.

Sources

https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03

Authentication bypass in F25 Series - CVE-2018-17935

Detailed vulnerability description

How to mitigate CVE-2018-17935

Sources

Please verify you're human