Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-5473

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device.

Published

2018-02-19T18:29:00.257

Last Modified

2024-11-21T04:08:52.313

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-119
Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	ge	d60_line_distance_relay_firmware	≤ 7.11	Yes
Hardware	ge	d60_line_distance_relay	-	No

References

http://www.securityfocus.com/bid/103054 Broken Link ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/103054 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-046-02 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)