SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-115479319] Nari PCS-9611

Date Type Platform Author EDB-ID CVE-ID OSVDB-ID Download App SIS Signature
2018-01-25OtherNariKirill Nesterov and Alexey Osipov from Kaspersky Labs reported the vulnerability to NCCIC.N/ACVE-2018-5447 N/AN/AN/A

Source

						
							
								
#
# Nari PCS-9611
#


### VULNERABLE VENDOR
Nari


### VULNERABLE PRODUCT
PCS-9611 


### RESEARCHER
Kirill Nesterov and Alexey Osipov from Kaspersky Labs reported the vulnerability to NCCIC.


### AFFECTED PRODUCTS
All versions of the PCS-9611 relay, a control and monitoring unit, are affected


### IMPACT
Successful exploitation of this vulnerability could allow a remote attacker arbitrary read/write abilities on the system.


### VULNERABILITY OVERVIEW
IMPROPER INPUT VALIDATION CWE-20
An improper input validation vulnerability has been identified that affects a service within the software that may allow a remote attacker to arbitrarily read/access system resources and affect the availability of the system.
CVE-2018-5447 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)





### BACKGROUND
Critical Infrastructure Sectors: Energy
Countries/Areas Deployed: Asia
Company Headquarters Location: China




### MITIGATION