Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    3 vulnerabilities by telecrane

    VAR-201810-0470

    Vulnerability from variot - Updated: 2023-12-18 13:43

    All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. Telecrane F25 Series Radio Controls Contains vulnerabilities related to security features.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25Series is an industrial remote control device from Telecrane. A security vulnerability exists in previous versions of TelecraneF25Series00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0470",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "f25-10d",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-10s",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-2d",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-2s",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-4d",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-4s",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-60",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-6d",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-6s",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-8d",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25-8s",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "telecrane",
            "version": "00.0a"
          },
          {
            "model": "f25",
            "scope": null,
            "trust": 0.7,
            "vendor": "telecrane",
            "version": null
          },
          {
            "model": "f25 series \u003c=00.0a",
            "scope": null,
            "trust": 0.6,
            "vendor": "telecrane",
            "version": null
          },
          {
            "model": "f25 series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "telecrane",
            "version": "0"
          },
          {
            "model": "f25 series 00.0a",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "telecrane",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 2s",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 10d",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 60",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 2d",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 4s",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 4d",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 6s",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 6d",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 8s",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 8d",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "f25 10s",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "BID",
            "id": "105732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-2s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-2s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-2d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-2d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-4s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-4s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-4d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-4d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-6s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-6s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-6d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-6d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-8s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-8s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-8d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-8d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-10s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-10s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-10d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-10d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:telecrane:f25-60_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndExcluding": "00.0a",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:telecrane:f25-60:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jonathan Andersson Philippe Z Lin Akira Urano Marco Balduzzi Federico Maggi Stephen Hilt Rainer Vosseler",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2018-17935",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 6.5,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 4.8,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-17935",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2018-17935",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "CNVD-2018-21920",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.5,
                "id": "7d859061-463f-11e9-94bc-000c29342cb1",
                "impactScore": 9.5,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-17935",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-17935",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "ZDI",
                "id": "CVE-2018-17935",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-21920",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-1205",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7d859061-463f-11e9-94bc-000c29342cb1",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state. Telecrane F25 Series Radio Controls Contains vulnerabilities related to security features.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Telecrane equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. The Telecrane F25Series is an industrial remote control device from Telecrane. A security vulnerability exists in previous versions of TelecraneF25Series00.0A. Telecrane F25 Series is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "BID",
            "id": "105732"
          },
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17935",
            "trust": 4.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-296-03",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "105732",
            "trust": 1.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-6188",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315",
            "trust": 0.7
          },
          {
            "db": "IVD",
            "id": "7D859061-463F-11E9-94BC-000C29342CB1",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "BID",
            "id": "105732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "id": "VAR-201810-0470",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          }
        ],
        "trust": 1.55
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:43:33.115000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "F25 Series",
            "trust": 0.8,
            "url": "https://telecrane-usa.biz/index.php/en/products/remote-controls/f25-series"
          },
          {
            "title": "Telecrane has issued an update to correct this vulnerability.",
            "trust": 0.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-03"
          },
          {
            "title": "TelecraneF25Series unlicensed patch for operating vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/143335"
          },
          {
            "title": "Telecrane F25 Series Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86293"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-294",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-254",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-03"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/105732"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17935"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17935"
          },
          {
            "trust": 0.3,
            "url": "https://telecrane.mobi/index.php/en/products/remote-controls/f25-series"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "BID",
            "id": "105732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "db": "BID",
            "id": "105732"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-26T00:00:00",
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "date": "2018-10-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "date": "2018-10-26T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "date": "2018-10-23T00:00:00",
            "db": "BID",
            "id": "105732"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "date": "2018-10-24T13:29:00.430000",
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "date": "2018-10-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-18-1315"
          },
          {
            "date": "2019-01-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          },
          {
            "date": "2018-10-23T00:00:00",
            "db": "BID",
            "id": "105732"
          },
          {
            "date": "2019-03-06T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-013934"
          },
          {
            "date": "2020-09-18T17:23:45.250000",
            "db": "NVD",
            "id": "CVE-2018-17935"
          },
          {
            "date": "2020-09-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Telecrane F25 Series Command execution vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7d859061-463f-11e9-94bc-000c29342cb1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-21920"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1205"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2018-17935 (GCVE-0-2018-17935)

    Vulnerability from cvelistv5 – Published: 2018-10-24 13:00 – Updated: 2024-09-16 20:27
    VLAI
    Summary
    All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
    Severity
    No CVSS data available.
    CWE
    • CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
    Assigner
    References
    Impacted products
    Vendor Product Version
    Telecrane F25 Series Affected: All versions prior to version 00.0A
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105732",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105732"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F25 Series",
              "vendor": "Telecrane",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 00.0A"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "105732",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105732"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F25 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 00.0A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Telecrane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105732",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105732"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17935",
        "datePublished": "2018-10-24T13:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:27:41.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17935 (GCVE-0-2018-17935)

    Vulnerability from nvd – Published: 2018-10-24 13:00 – Updated: 2024-09-16 20:27
    VLAI
    Summary
    All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
    Severity
    No CVSS data available.
    CWE
    • CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
    Assigner
    References
    Impacted products
    Vendor Product Version
    Telecrane F25 Series Affected: All versions prior to version 00.0A
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.762Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105732",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105732"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "F25 Series",
              "vendor": "Telecrane",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to version 00.0A"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "name": "105732",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105732"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17935",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "F25 Series",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to version 00.0A"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Telecrane"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent \"stop\" state."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105732",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105732"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17935",
        "datePublished": "2018-10-24T13:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:27:41.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }