CVE-2018-5473

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/103054	Broken Link
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:ge:d60_line_distance_relay_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:ge:d60_line_distance_relay:-:*:*:*:*:*:*:*

History

19 Apr 2022, 16:06

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/103054 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/103054 - Broken Link

18 Aug 2021, 14:12

Type	Values Removed	Values Added
CPE	cpe:2.3:h:gegridsolutions:d60_line_distance_relay:-:::::::* cpe:2.3:o:gegridsolutions:d60_line_distance_relay_firmware::::::::	cpe:2.3:o:ge:d60_line_distance_relay_firmware:::::::: cpe:2.3:h:ge:d60_line_distance_relay:-:::::::*

Information

Published : 2018-02-19 18:29

Updated : 2024-02-04 19:46

NVD link : CVE-2018-5473

Mitre link : CVE-2018-5473

CVE.ORG link : CVE-2018-5473

JSON object : View

Products Affected

ge

d60_line_distance_relay_firmware
d60_line_distance_relay

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2018-5473", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-02-19T18:29:00.257", "references": [{"url": "http://www.securityfocus.com/bid/103054", "tags": ["Broken Link"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device."}, {"lang": "es", "value": "Se ha descubierto un problema de restricci\u00f3n indebida de operaciones en los l\u00edmites de un b\u00fafer de memoria en los dispositivos GE D60 Line Distance Relay que ejecutan la versi\u00f3n de firmware 7.11 y anteriores. Las funciones SSH del dispositivo son vulnerables a condiciones de desbordamiento de b\u00fafer que podr\u00edan permitir que un atacante remoto ejecute c\u00f3digo arbitrario en el dispositivo."}], "lastModified": "2022-04-19T16:06:55.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ge:d60_line_distance_relay_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E794B690-7678-4D07-A413-B07757B32B54", "versionEndIncluding": "7.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ge:d60_line_distance_relay:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8CA23112-E10C-40E4-A8CD-F90D0BFF6636"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}