Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for vgo_firmware by vecna

    CVE-2018-8858 (GCVE-0-2018-8858)

    Vulnerability from nvd – Published: 2018-10-30 21:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-8858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8858",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17933 (GCVE-0-2018-17933)

    Vulnerability from nvd – Published: 2018-10-30 21:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - IMPROPER AUTHORIZATION CWE-285
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "IMPROPER AUTHORIZATION CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-17933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER AUTHORIZATION CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17933",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17931 (GCVE-0-2018-17931)

    Vulnerability from nvd – Published: 2018-10-30 21:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-17931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17931",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8860 (GCVE-0-2018-8860)

    Vulnerability from nvd – Published: 2018-05-09 21:00 – Updated: 2024-09-17 01:30
    VLAI
    Summary
    In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT VGo Robot Affected: All versions prior to 3.0.3.52164
    Create a notification for this product.
    Date Public
    2018-05-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              },
              {
                "name": "103966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.0.3.52164"
                }
              ]
            }
          ],
          "datePublic": "2018-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            },
            {
              "name": "103966",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-07T00:00:00",
              "ID": "CVE-2018-8860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.0.3.52164"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                },
                {
                  "name": "103966",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8860",
        "datePublished": "2018-05-09T21:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:30:43.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8866 (GCVE-0-2018-8866)

    Vulnerability from nvd – Published: 2018-05-09 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT VGo Robot Affected: All versions prior to 3.0.3.52164
    Create a notification for this product.
    Date Public
    2018-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              },
              {
                "name": "103966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.0.3.52164"
                }
              ]
            }
          ],
          "datePublic": "2018-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            },
            {
              "name": "103966",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-04-24T00:00:00",
              "ID": "CVE-2018-8866",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.0.3.52164"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                },
                {
                  "name": "103966",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8866",
        "datePublished": "2018-05-09T19:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:35.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17931 (GCVE-0-2018-17931)

    Vulnerability from cvelistv5 – Published: 2018-10-30 21:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.712Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-17931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17931",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.712Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17933 (GCVE-0-2018-17933)

    Vulnerability from cvelistv5 – Published: 2018-10-30 21:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - IMPROPER AUTHORIZATION CWE-285
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.711Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "IMPROPER AUTHORIZATION CWE-285",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-17933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able to execute commands that are outside the scope of their privileges and within the scope of an admin account. If an attacker has access to VGo XAMPP Client credentials, they may be able to execute admin commands on the connected robot."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER AUTHORIZATION CWE-285"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17933",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.711Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8858 (GCVE-0-2018-8858)

    Vulnerability from cvelistv5 – Published: 2018-10-30 21:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials.
    Severity
    No CVSS data available.
    CWE
    • CWE-522 - INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a VGo Robot Affected: Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected.
    Date Public
    2018-10-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.255Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                }
              ]
            }
          ],
          "datePublic": "2018-10-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-30T20:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2018-8858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "If an attacker has access to the firmware from the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to extract credentials."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INSUFFICIENTLY PROTECTED CREDENTIALS CWE-522"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8858",
        "datePublished": "2018-10-30T21:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8860 (GCVE-0-2018-8860)

    Vulnerability from cvelistv5 – Published: 2018-05-09 21:00 – Updated: 2024-09-17 01:30
    VLAI
    Summary
    In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.
    Severity
    No CVSS data available.
    CWE
    • Cleartext Transmission of Sensitive Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT VGo Robot Affected: All versions prior to 3.0.3.52164
    Create a notification for this product.
    Date Public
    2018-05-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.243Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              },
              {
                "name": "103966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.0.3.52164"
                }
              ]
            }
          ],
          "datePublic": "2018-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            },
            {
              "name": "103966",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-07T00:00:00",
              "ID": "CVE-2018-8860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.0.3.52164"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cleartext Transmission of Sensitive Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                },
                {
                  "name": "103966",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8860",
        "datePublished": "2018-05-09T21:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:30:43.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8866 (GCVE-0-2018-8866)

    Vulnerability from cvelistv5 – Published: 2018-05-09 19:00 – Updated: 2024-09-16 16:33
    VLAI
    Summary
    In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection.
    Severity
    No CVSS data available.
    CWE
    • Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT VGo Robot Affected: All versions prior to 3.0.3.52164
    Create a notification for this product.
    Date Public
    2018-04-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.541Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
              },
              {
                "name": "103966",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103966"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VGo Robot",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 3.0.3.52164"
                }
              ]
            }
          ],
          "datePublic": "2018-04-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-10T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
            },
            {
              "name": "103966",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103966"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-04-24T00:00:00",
              "ID": "CVE-2018-8866",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VGo Robot",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 3.0.3.52164"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an adjacent network could perform command injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
                },
                {
                  "name": "103966",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103966"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-8866",
        "datePublished": "2018-05-09T19:00:00.000Z",
        "dateReserved": "2018-03-20T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:33:35.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }