CVE-2018-14804
published 2018-10-01CVE-2018-14804: Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
PriorityP260critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.52%
87.8th percentile
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | ams_device_manager | — | — |
| emerson | ams_device_manager | 12.0 – 13.5 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2018-14804 is exploitable via a specially crafted script enabling arbitrary remote code execution against Emerson AMS Device Manager v12.0 to v13.5; monitor for unexpected script execution targeting AMS Device Manager services. ↗
- →The vulnerability carries a CVSS v3 score of 10.0 with network vector, no privileges required, and no user interaction (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating fully unauthenticated remote exploitation is possible; prioritize network-level detection for AMS Device Manager exposed services. ↗
- →No known public exploits specifically target this vulnerability as of the advisory date; focus detection on behavioral anomalies (unexpected process spawning, remote code execution artifacts) on AMS Device Manager hosts. ↗
- ·Affected product versions are AMS Device Manager v12.0 through v13.5; patches are available via the Emerson Guardian Support Portal — detection efforts should confirm whether patched versions (post v13.5 patch) are deployed. ↗
- ·The companion vulnerability CVE-2018-14808 (CWE-269, CVSS 8.2) allows non-admin users to overwrite executables/libraries and can be mitigated by application whitelisting; both CVEs should be assessed together on the same asset. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rm85-gxcg-pjxv: Emerson AMS Device Manager v12
ghsa_unreviewed·2022-05-13
CVE-2018-14804 [CRITICAL] CWE-94 GHSA-rm85-gxcg-pjxv: Emerson AMS Device Manager v12
Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.
CISA ICS
Emerson AMS Device Manager
cisa_ics·2018-09-27·CVSS 9.8
[CRITICAL] Emerson AMS Device Manager
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Emerson AMS Device Manager
Last RevisedSeptember 27, 2018
Alert CodeICSA-18-270-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Emerson
- Equipment: AMS Device Manager
- Vulnerabilities: Improper Access Control, Improper Privilege Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of AMS Device Manager, an Asset Management System, are affe
No detection rules found.
No public exploits indexed.
2018-10-01
Published