CVE-2018-14804
published 2018-10-01

CVE-2018-14804: Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.

Priority: P260, critical, 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 3.52% (87.8th percentile)

Affected

2 ranges

Vendor    Product               Version range    Fixed in
emerson   ams_device_manager
emerson   ams_device_manager    12.0 – 13.5

Detection & IOCs (extracted from sources)

  • CVE-2018-14804 is exploitable via a specially crafted script enabling arbitrary remote code execution against Emerson AMS Device Manager v12.0 to v13.5; monitor for unexpected script execution targeting AMS Device Manager services.
  • The vulnerability carries a CVSS v3 score of 10.0 with network vector, no privileges required, and no user interaction (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating fully unauthenticated remote exploitation is possible; prioritize network-level detection for AMS Device Manager exposed services.
  • No known public exploits specifically target this vulnerability as of the advisory date; focus detection on behavioral anomalies (unexpected process spawning, remote code execution artifacts) on AMS Device Manager hosts.
  • Affected product versions are AMS Device Manager v12.0 through v13.5; patches are available via the Emerson Guardian Support Portal; detection efforts should confirm whether patched versions (post v13.5 patch) are deployed.
  • The companion vulnerability CVE-2018-14808 (CWE-269, CVSS 8.2) allows non-admin users to overwrite executables/libraries and can be mitigated by application whitelisting; both CVEs should be assessed together on the same asset.

CVSS provenance

Source   Version   Score   Severity   Vector
nvd      v3.0      9.8     CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd      v2.0      7.5     HIGH       AV:N/AC:L/Au:N/C:P/I:P/A:P