diff --git a/2018/14xxx/CVE-2018-14806.json b/2018/14xxx/CVE-2018-14806.json index 29b6819579c..cbfb7363a45 100644 --- a/2018/14xxx/CVE-2018-14806.json +++ b/2018/14xxx/CVE-2018-14806.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-10-23T00:00:00", "ID" : "CVE-2018-14806", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess", + "version" : { + "version_data" : [ + { + "version_value" : "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Advantech" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Advantech WebAccess has a path traversal vulnerability may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download" } ] } diff --git a/2018/14xxx/CVE-2018-14816.json b/2018/14xxx/CVE-2018-14816.json index 8ef4cb6c720..33aeaa424ec 100644 --- a/2018/14xxx/CVE-2018-14816.json +++ b/2018/14xxx/CVE-2018-14816.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-10-23T00:00:00", "ID" : "CVE-2018-14816", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess", + "version" : { + "version_data" : [ + { + "version_value" : "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Advantech" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Advantech WebAccess has several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download" } ] } diff --git a/2018/14xxx/CVE-2018-14820.json b/2018/14xxx/CVE-2018-14820.json index cc6517557d7..69df6fc6194 100644 --- a/2018/14xxx/CVE-2018-14820.json +++ b/2018/14xxx/CVE-2018-14820.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-10-23T00:00:00", "ID" : "CVE-2018-14820", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess", + "version" : { + "version_data" : [ + { + "version_value" : "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Advantech" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Advantech WebAccess has a .dll component is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download" } ] } diff --git a/2018/14xxx/CVE-2018-14828.json b/2018/14xxx/CVE-2018-14828.json index 72b3bceb174..7f65457f76b 100644 --- a/2018/14xxx/CVE-2018-14828.json +++ b/2018/14xxx/CVE-2018-14828.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", + "DATE_PUBLIC" : "2018-10-23T00:00:00", "ID" : "CVE-2018-14828", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess", + "version" : { + "version_data" : [ + { + "version_value" : "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name" : "Advantech" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Advantech WebAccess has an improper privilege management vulnerability has been identified, which may allow an attacker to access those files and perform actions at a system administrator level." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "IMPROPER PRIVILEGE MANAGEMENT CWE-269" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "url" : "http://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download" } ] }