Search

Find a vulnerability

Search criteria

    12 vulnerabilities by Martem

    VAR-201810-0086

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. Martem TELEM GW6/GWM Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MartemTELEMGW6/GWM are data processor products from Martem, Estonia. A security vulnerability exists in versions prior to MartemTELEMGW6/GWM2.0.87-4018403-k4

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0086",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "telem-gw6",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2.0.87-4018403-k4"
          },
          {
            "model": "telem-gwm",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2.0.87-4018403-k4"
          },
          {
            "model": "telem gw6",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2.0.87-4018403-k4"
          },
          {
            "model": "telem gwm",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2.0.87-4018403-k4"
          },
          {
            "model": "telem gw6/gwm \u003c2.0.87-4018403-k4",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gw6",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gwm",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gw6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gwm_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          }
        ]
      },
      "cve": "CVE-2018-10605",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-10605",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2019-07031",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "1bbcf237-5eda-443e-ad18-33424687df2c",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-10605",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10605",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10605",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-07031",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-020",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "1bbcf237-5eda-443e-ad18-33424687df2c",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU. Martem TELEM GW6/GWM Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MartemTELEMGW6/GWM are data processor products from Martem, Estonia. A security vulnerability exists in versions prior to MartemTELEMGW6/GWM2.0.87-4018403-k4",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10605",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-142-01",
            "trust": 2.4
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "1BBCF237-5EDA-443E-AD18-33424687DF2C",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "id": "VAR-201810-0086",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:28.824000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA1805183",
            "trust": 0.8,
            "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
          },
          {
            "title": "Patch for MartemTELEMGW6/GWM privilege vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/156129"
          },
          {
            "title": "Martem TELEM GW6/GWM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86118"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1188",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-276",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
          },
          {
            "trust": 1.6,
            "url": "https://martem.eu/csa/martem_csa_telem_1805183.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10605"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10605"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-14T00:00:00",
            "db": "IVD",
            "id": "1bbcf237-5eda-443e-ad18-33424687df2c"
          },
          {
            "date": "2019-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "date": "2018-10-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "date": "2018-10-01T16:29:00.440000",
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-03-14T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-07031"
          },
          {
            "date": "2018-12-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          },
          {
            "date": "2024-11-21T03:41:39.017000",
            "db": "NVD",
            "id": "CVE-2018-10605"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6/GWM Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-010915"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-020"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0340

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. Martem TELEM GW6 and GWM The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. The vulnerability is caused by the program not filtering data correctly

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0340",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "telem-gw6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem-gwm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gw6",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "telem gw6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gwm 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gw6 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gwm",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gw6",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gw6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gwm_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-10609",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-10609",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-10589",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f070f0-39ab-11e9-841a-000c29342cb1",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-120385",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-10609",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10609",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10609",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-10589",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-1162",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "e2f070f0-39ab-11e9-841a-000c29342cb1",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-120385",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. Martem TELEM GW6 and GWM The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. The vulnerability is caused by the program not filtering data correctly",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10609",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-142-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "104286",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F070F0-39AB-11E9-841A-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "id": "VAR-201807-0340",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:28.786000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA1805181",
            "trust": 0.8,
            "url": "https://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
          },
          {
            "title": "Martem GW6  and GWM Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80639"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/104286"
          },
          {
            "trust": 1.7,
            "url": "http://martem.eu/csa/martem_csa_telem_1805181.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10609"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10609"
          },
          {
            "trust": 0.3,
            "url": "http://martem.ee/"
          },
          {
            "trust": 0.3,
            "url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "date": "2018-07-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "date": "2018-07-31T17:29:00.373000",
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120385"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008780"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          },
          {
            "date": "2024-11-21T03:41:39.490000",
            "db": "NVD",
            "id": "CVE-2018-10609"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM-GW6/GWM Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f070f0-39ab-11e9-841a-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10589"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1162"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0336

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. Martem TELEM GW6 and GWM There is an authentication vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. Martem GW6 2018.04.18-linux_4-01-601cb47 and earlier versions and GWM 2018.04.18-linux_4-01-601cb47 and earlier versions have an authorization problem vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0336",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "telem-gw6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem-gwm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gw6",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "telem gw6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gwm 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gw6 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gwm",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gw6",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gw6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gwm_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-10603",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-10603",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-10591",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 9.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "e2f09801-39ab-11e9-8803-000c29342cb1",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-120379",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-10603",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10603",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10603",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-10591",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-1160",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "IVD",
                "id": "e2f09801-39ab-11e9-8803-000c29342cb1",
                "trust": 0.2,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-120379",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process. Martem TELEM GW6 and GWM There is an authentication vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company. Martem GW6 2018.04.18-linux_4-01-601cb47 and earlier versions and GWM 2018.04.18-linux_4-01-601cb47 and earlier versions have an authorization problem vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10603",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-142-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "104286",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F09801-39AB-11E9-8803-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "id": "VAR-201807-0336",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:28.747000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Telem-GW6",
            "trust": 0.8,
            "url": "https://www.martem.ee/telem-gw6/"
          },
          {
            "title": "Martem GW6  and GWM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80637"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/104286"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10603"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10603"
          },
          {
            "trust": 0.3,
            "url": "http://martem.ee/"
          },
          {
            "trust": 0.3,
            "url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
          },
          {
            "trust": 0.3,
            "url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "IVD",
            "id": "e2f09801-39ab-11e9-8803-000c29342cb1"
          },
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "date": "2018-07-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "date": "2018-07-31T17:29:00.280000",
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10591"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120379"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          },
          {
            "date": "2024-11-21T03:41:38.783000",
            "db": "NVD",
            "id": "CVE-2018-10603"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6 and  GWM Authentication vulnerabilities in device firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008778"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1160"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-0338

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. Martem TELEM GW6 and GWM The device firmware contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. 1. An security bypass vulnerability. 2. A denial-of-service vulnerability. 3. An cross-site scripting vulnerability. Attackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: GW6 Version 2018.04.18-linux_4-01-601cb47 and prior. GWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0338",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "telem-gw6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem-gwm",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gw6",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gw6 \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gwm \u003c=2018.04.18-linux 4-01-601cb47",
            "scope": null,
            "trust": 0.6,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "telem gw6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "telem gwm",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "martem",
            "version": "2018.04.18-linux_4-01-601cb47"
          },
          {
            "model": "gwm 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": "gw6 2018.04.18-linux 4-0",
            "scope": null,
            "trust": 0.3,
            "vendor": "martem",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gwm",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "telem gw6",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gw6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:martem:telem_gwm_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Latvia,Bernhards Blumbergs and Arturs Danilevics of CERT.LV",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2018-10607",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-10607",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-10590",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.5,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1",
                "impactScore": 7.8,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-120383",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-10607",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10607",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10607",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-10590",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201805-1161",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-120383",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel. Martem TELEM GW6 and GWM The device firmware contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Martem specializes in providing distribution network monitoring remote control systems, and its customers include distribution companies and industrial and transportation companies with their own power grids. Multiple Martem Products are prone to the following security vulnerabilities. \n1. An security bypass vulnerability. \n2. A denial-of-service vulnerability. \n3. An cross-site scripting vulnerability. \nAttackers can exploit these issues to bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials, to execute arbitrary scripts in the context of the web browser. Failed exploit attempts will result in a denial-of-service condition. \nThe following products are affected:\nGW6 Version 2018.04.18-linux_4-01-601cb47 and prior. \nGWM Version 2018.04.18-linux_4-01-601cb47 and prior. Both Martem GW6 and GWM are data processor products of Estonian Martem Company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10607",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-142-01",
            "trust": 3.4
          },
          {
            "db": "BID",
            "id": "104286",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "E2F09800-39AB-11E9-BD1B-000C29342CB1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "id": "VAR-201807-0338",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          }
        ],
        "trust": 1.9
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:28.708000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SA1805184",
            "trust": 0.8,
            "url": "https://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
          },
          {
            "title": "Martem GW6  and GWM Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80638"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-400",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-142-01"
          },
          {
            "trust": 2.0,
            "url": "http://martem.eu/csa/martem_csa_telem_1805184.pdf"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/104286"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10607"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10607"
          },
          {
            "trust": 0.3,
            "url": "http://martem.ee/"
          },
          {
            "trust": 0.3,
            "url": "http://martem.eu/csa/martem_csa_telem_1805182.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "db": "BID",
            "id": "104286"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "date": "2018-07-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "date": "2018-06-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "date": "2018-07-31T17:29:00.327000",
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-05-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120383"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "BID",
            "id": "104286"
          },
          {
            "date": "2018-10-29T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008779"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          },
          {
            "date": "2024-11-21T03:41:39.253000",
            "db": "NVD",
            "id": "CVE-2018-10607"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Martem TELEM-GW6/GWM Denial of service vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-10590"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Resource management error",
        "sources": [
          {
            "db": "IVD",
            "id": "e2f09800-39ab-11e9-bd1b-000c29342cb1"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201805-1161"
          }
        ],
        "trust": 0.8
      }
    }

    CVE-2018-10605 (GCVE-0-2018-10605)

    Vulnerability from nvd – Published: 2018-10-01 16:00 – Updated: 2024-09-17 00:30
    VLAI
    Summary
    Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.
    Severity
    No CVSS data available.
    CWE
    • CWE-276 - INCORRECT DEFAULT PERMISSIONS CWE-276
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM-GW6/GWM Affected: All versions prior to 2.0.87-4018403-k4
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:45.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM-GW6/GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.0.87-4018403-k4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "INCORRECT DEFAULT PERMISSIONS CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-01T15:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10605",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM-GW6/GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.0.87-4018403-k4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10605",
        "datePublished": "2018-10-01T16:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:30:58.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10609 (GCVE-0-2018-10609)

    Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM-GW6/GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM-GW6/GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10609",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM-GW6/GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10609",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:17.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10607 (GCVE-0-2018-10607)

    Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM GW6 Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Martem TELEM GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM GW6",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            },
            {
              "product": "TELEM GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM GW6",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TELEM GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10607",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:37.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10603 (GCVE-0-2018-10603)

    Vulnerability from nvd – Published: 2018-07-31 17:00 – Updated: 2024-09-17 00:21
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM GW6 Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Martem TELEM GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM GW6",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            },
            {
              "product": "TELEM GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM GW6",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TELEM GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10603",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:21:23.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10605 (GCVE-0-2018-10605)

    Vulnerability from cvelistv5 – Published: 2018-10-01 16:00 – Updated: 2024-09-17 00:30
    VLAI
    Summary
    Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU.
    Severity
    No CVSS data available.
    CWE
    • CWE-276 - INCORRECT DEFAULT PERMISSIONS CWE-276
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM-GW6/GWM Affected: All versions prior to 2.0.87-4018403-k4
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:45.932Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM-GW6/GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 2.0.87-4018403-k4"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-276",
                  "description": "INCORRECT DEFAULT PERMISSIONS CWE-276",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-01T15:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10605",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM-GW6/GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to 2.0.87-4018403-k4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6/GWM versions prior to 2.0.87-4018403-k4 may allow unprivileged users to modify/upload a new system configuration or take the full control over the RTU using default credentials to connect to the RTU."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://martem.eu/csa/Martem_CSA_Telem_1805183.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10605",
        "datePublished": "2018-10-01T16:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:30:58.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10607 (GCVE-0-2018-10607)

    Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-16 21:57
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM GW6 Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Martem TELEM GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM GW6",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            },
            {
              "product": "TELEM GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10607",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM GW6",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TELEM GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow the creation of new connections to one or more IOAs, without closing them properly, which may cause a denial of service within the industrial process control channel."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNCONTROLLED RESOURCE CONSUMPTION (\u0027RESOURCE EXHAUSTION\u0027) CWE-400"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10607",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:57:37.516Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10609 (GCVE-0-2018-10609)

    Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-16 18:34
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM-GW6/GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM-GW6/GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10609",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM-GW6/GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10609",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:34:17.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10603 (GCVE-0-2018-10603)

    Vulnerability from cvelistv5 – Published: 2018-07-31 17:00 – Updated: 2024-09-17 00:21
    VLAI
    Summary
    Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process.
    Severity
    No CVSS data available.
    CWE
    • CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
    Assigner
    References
    Impacted products
    Vendor Product Version
    Martem TELEM GW6 Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Martem TELEM GWM Affected: 2018.04.18-linux_4-01-601cb47 and prior
    Create a notification for this product.
    Date Public
    2018-05-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:39:08.529Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
              },
              {
                "name": "104286",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104286"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TELEM GW6",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            },
            {
              "product": "TELEM GWM",
              "vendor": "Martem",
              "versions": [
                {
                  "status": "affected",
                  "version": "2018.04.18-linux_4-01-601cb47 and prior"
                }
              ]
            }
          ],
          "datePublic": "2018-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-01T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
            },
            {
              "name": "104286",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104286"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-05-22T00:00:00",
              "ID": "CVE-2018-10603",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TELEM GW6",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TELEM GWM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2018.04.18-linux_4-01-601cb47 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Martem"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
                },
                {
                  "name": "104286",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104286"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-10603",
        "datePublished": "2018-07-31T17:00:00.000Z",
        "dateReserved": "2018-05-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:21:23.117Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }