Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability found for sx-500 by silextechnology
VAR-201805-1044
Vulnerability from variot - Updated: 2024-11-23 22:41In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. Silex SX-500 and GE MobileLink(GEH-500) Contains an authentication vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Silex SD-320AN is a serial port device server produced by Silex Technology Company of Japan. GE MobileLink (GEH-500) is an electrocardiogram analysis system developed by General Electric (GE). There is a security vulnerability in Silex SX-500 and GE MobileLink (GEH-500) 1.54 and earlier versions. The vulnerability is caused by the program not performing authentication on POST requests. An attacker could exploit this vulnerability to change system settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sx-500",
"scope": "eq",
"trust": 1.6,
"vendor": "silextechnology",
"version": null
},
{
"model": "geh-sd-320an",
"scope": "lte",
"trust": 1.0,
"vendor": "silextechnology",
"version": "geh-1.1"
},
{
"model": "sd-320an",
"scope": "lte",
"trust": 1.0,
"vendor": "silextechnology",
"version": "2.01"
},
{
"model": "geh-500",
"scope": "lte",
"trust": 1.0,
"vendor": "silextechnology",
"version": "1.54"
},
{
"model": "geh-500",
"scope": "lte",
"trust": 0.8,
"vendor": "silex",
"version": "1.54"
},
{
"model": "geh-sd-320an",
"scope": null,
"trust": 0.8,
"vendor": "silex",
"version": null
},
{
"model": "sd-320an",
"scope": null,
"trust": 0.8,
"vendor": "silex",
"version": null
},
{
"model": "sx-500",
"scope": null,
"trust": 0.8,
"vendor": "silex",
"version": null
},
{
"model": "geh-500",
"scope": "eq",
"trust": 0.6,
"vendor": "silextechnology",
"version": "1.54"
},
{
"model": "sd-320an",
"scope": "eq",
"trust": 0.6,
"vendor": "silextechnology",
"version": "2.01"
},
{
"model": "geh-sd-320an",
"scope": "eq",
"trust": 0.6,
"vendor": "silextechnology",
"version": "geh-1.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:silex:geh-500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:silex:geh-sd-320an_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:silex:sd-320an_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:silex:sx-500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
}
]
},
"cve": "CVE-2018-6020",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-6020",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-136052",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-6020",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6020",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-6020",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-234",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136052",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136052"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. Silex SX-500 and GE MobileLink(GEH-500) Contains an authentication vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Silex SD-320AN is a serial port device server produced by Silex Technology Company of Japan. GE MobileLink (GEH-500) is an electrocardiogram analysis system developed by General Electric (GE). There is a security vulnerability in Silex SX-500 and GE MobileLink (GEH-500) 1.54 and earlier versions. The vulnerability is caused by the program not performing authentication on POST requests. An attacker could exploit this vulnerability to change system settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6020"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "VULHUB",
"id": "VHN-136052"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6020",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-128-01",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136052",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136052"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"id": "VAR-201805-1044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-136052"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2024-11-23T22:41:50.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.silex.jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136052"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-128-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6020"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6020"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136052"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-136052"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136052"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"date": "2018-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"date": "2018-05-09T21:29:00.213000",
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-13T00:00:00",
"db": "VULHUB",
"id": "VHN-136052"
},
{
"date": "2018-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004824"
},
{
"date": "2018-05-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-234"
},
{
"date": "2024-11-21T04:09:54.577000",
"db": "NVD",
"id": "CVE-2018-6020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Silex SX-500 and GE MobileLink Authentication vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004824"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-234"
}
],
"trust": 0.6
}
}