Detections
Analytics
Sony Network Cameras Stack-based Buffer Overflow (CVE-2018-3938)
critical Tenable OT Security Plugin ID 502387
Synopsis
The remote OT asset is affected by a vulnerability.Description
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability.This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
Solution
Refer to the vendor advisory.See Also
Plugin Details
Severity: Critical
ID: 502387
Version: 1.2
Type: remote
Family: Tenable.ot
Published: 9/16/2024
Updated: 9/17/2024
Supported Sensors: Tenable OT Security
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-3938
CVSS v3
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:sony:snc-eb602r_firmware:1.87.00, cpe:/o:sony:snc-em630_firmware:1.87.00, cpe:/o:sony:snc-em631_firmware:1.87.00, cpe:/o:sony:snc-em601_firmware:1.87.00, cpe:/o:sony:snc-em600_firmware:1.87.00, cpe:/o:sony:snc-eb630_firmware:1.87.00, cpe:/o:sony:snc-em632r_firmware:1.87.00, cpe:/o:sony:snc-em602r_firmware:1.87.00, cpe:/o:sony:snc-eb600b_firmware:1.87.00, cpe:/o:sony:snc-eb630b_firmware:1.87.00, cpe:/o:sony:snc-eb632r_firmware:1.87.00, cpe:/o:sony:snc-em632rc_firmware:1.87.00, cpe:/o:sony:snc-eb600_firmware:1.87.00, cpe:/o:sony:snc-em602rc_firmware:1.87.00
Required KB Items: Tenable.ot/Sony
Exploit Ease: No known exploits are available
Patch Publication Date: 8/14/2018
Vulnerability Publication Date: 8/14/2018
Reference Information
CVE: CVE-2018-3938
CWE: 787