SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-297106368] Nortek Linear eMerge E3 Series

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2018-02-15 | Other | Nortek | Evgeny Ermakov and Sergey Gordeychik reported the vulnerability to NCCIC. | N/A | CVE-2018-5439 | N/A | N/A | N/A |

Source

#
# Nortek Linear eMerge E3 Series
#


### VULNERABLE VENDOR
Nortek


### VULNERABLE PRODUCT
Linear eMerge E3 Series 


### RESEARCHER
Evgeny Ermakov and Sergey Gordeychik reported the vulnerability to NCCIC.


### AFFECTED PRODUCTS
The following versions of Linear eMerge, an access control interface, are affected:

Linear eMerge E3 Series, versions V0.32-07e and prior


### IMPACT
Successful exploitation of this vulnerability could allow a remote attacker to execute malicious code on the system with elevated privileges, allowing for full control of the server.


### VULNERABILITY OVERVIEW
IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN A COMMAND ('COMMAND INJECTION') CWE-77
A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
CVE-2018-5439 has been assigned to this vulnerability.
A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).


### BACKGROUND
Critical Infrastructure Sector: Commercial Facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Italy




### MITIGATION

Nortek recommends that affected users upgrade by following the process outlined on Page 47 of the E3 User Programming Guide.