CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-13801

A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

http://www.securityfocus.com/bid/105545
https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03
http://www.securityfocus.com/bid/105545
https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03

Products affected by CVE-2018-13801

Siemens » Rox Ii » Version: N/A

cpe:2.3:h:siemens:rox_ii:-
Siemens » Rox Ii Firmware » Version: Any

cpe:2.3:o:siemens:rox_ii_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-13801

Products

Pricing

Contact Us