CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13801
https://notcve.org/view.php?id=CVE-2018-13801
A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a privilege escalation and gain root privileges. Successful exploitation requires user privileges of a low-privileged user but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. Se ha identificado una vulnerabilidad en ROX II (todas las versiones anteriores a V2.12.1). • http://www.securityfocus.com/bid/105545 https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13802
https://notcve.org/view.php?id=CVE-2018-13802
A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the SSH interface in on port 22/tcp. The attacker must be authenticated to exploit the vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. • http://www.securityfocus.com/bid/105545 https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf https://ics-cert.us-cert.gov/advisories/ICSA-18-282-03 • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management •