NVD Vulnerability Detail

CVE-2018-19023

Summary	Hetronic Nova-M prior to verson r161 uses fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state.
Publication Date	Jan. 26, 2019, 5:29 a.m.
Registration Date	March 1, 2021, 7:11 p.m.
Last Update	Nov. 21, 2024, 12:57 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:hetronic:nova-m_firmware::::::::					r161
execution environment
1	cpe:2.3:h:hetronic:nova-m:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:hetronic:es-can-hl_firmware::::::::					main_r1864
execution environment
1	cpe:2.3:h:hetronic:es-can-hl:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:o:hetronic:bms-hl_firmware::::::::					main_r1175
execution environment
1	cpe:2.3:h:hetronic:bms-hl:-:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:o:hetronic:dc_mobile_firmware::::::::					main_r515
execution environment
1	cpe:2.3:h:hetronic:dc_mobile:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/106448	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/106448	Third Party Advisory VDB Entry
3	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03	Third Party Advisory US Government Resource
4	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03	Third Party Advisory US Government Resource

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-287	不適切な認証	https://cwe.mitre.org/data/definitions/287.html

JVN Vulnerability Information

Hetronic Nova-M における認証に関する脆弱性

Title	Hetronic Nova-M における認証に関する脆弱性
Summary	Hetronic Nova-M には、認証に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 6, 2018, midnight
Registration Date	March 6, 2019, 11:47 a.m.
Last Update	March 6, 2019, 11:47 a.m.

Affected System

Hetronic International

BMS-HL ファームウェア

DC_MOBILE ファームウェア

ES-CAN-HL ファームウェア

MLC ファームウェア

NOVA-M ファームウェア R161 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-19023	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19023
National Vulnerability Database (NVD)
2	CVE-2018-19023	https://nvd.nist.gov/vuln/detail/CVE-2018-19023

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-287	https://jvndb.jvn.jp/ja/cwe/CWE-287.html

ベンダー情報

No	Name	URL
HETRONIC
1	Top Page	http://www.hetronic.com/

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-19-003-03	https://ics-cert.us-cert.gov/advisories/ICSA-19-003-03

Change Log

No	Changed Details	Date of change
1	[2019年03月06日] 掲載	March 6, 2019, 11:47 a.m.