Search criteria
6 vulnerabilities found for SAGA1-L8B by GAIN Electronic Co. Ltd
CVE-2018-17923 (GCVE-0-2018-17923)
Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-16 16:27
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
Severity
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17923",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:58.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17921 (GCVE-0-2018-17921)
Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-17 01:46
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
Severity
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17921",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:32.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17903 (GCVE-0-2018-17903)
Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-16 18:09
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
Severity
No CVSS data available.
CWE
- CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17903",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:10.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17923 (GCVE-0-2018-17923)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-16 16:27
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
Severity
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17923",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:27:58.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17921 (GCVE-0-2018-17921)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-17 01:46
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
Severity
No CVSS data available.
CWE
- CWE-284 - IMPROPER ACCESS CONTROL CWE-284
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "IMPROPER ACCESS CONTROL CWE-284",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17921",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:32.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17903 (GCVE-0-2018-17903)
Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-16 18:09
VLAI
Summary
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
Severity
No CVSS data available.
CWE
- CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 | x_refsource_MISC |
| http://www.securityfocus.com/bid/105729 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GAIN Electronic Co. Ltd | SAGA1-L8B |
Affected:
All firmware versions prior to A0.10
|
Date Public
2018-10-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAGA1-L8B",
"vendor": "GAIN Electronic Co. Ltd",
"versions": [
{
"status": "affected",
"version": "All firmware versions prior to A0.10"
}
]
}
],
"datePublic": "2018-10-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105729"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-17903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAGA1-L8B",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to A0.10"
}
]
}
}
]
},
"vendor_name": "GAIN Electronic Co. Ltd"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17903",
"datePublished": "2018-10-24T22:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:09:10.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}