CVE-2018-14808
published 2018-10-01CVE-2018-14808: Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
PriorityP433medium6.5CVSS 3.0
AVNACLPRLUINSUCNIHAN
EPSS
0.90%
55.2th percentile
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| emerson | ams_device_manager | — | — |
| emerson | ams_device_manager | 12.0 – 13.5 | — |
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qm67-rfm7-rvrh: Emerson AMS Device Manager v12
ghsa_unreviewed·2022-05-13
CVE-2018-14808 [MEDIUM] CWE-269 GHSA-qm67-rfm7-rvrh: Emerson AMS Device Manager v12
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products.
CISA ICS
Emerson AMS Device Manager
cisa_ics·2018-09-27·CVSS 9.8
[CRITICAL] Emerson AMS Device Manager
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Emerson AMS Device Manager
Last RevisedSeptember 27, 2018
Alert CodeICSA-18-270-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 10.0
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Emerson
- Equipment: AMS Device Manager
- Vulnerabilities: Improper Access Control, Improper Privilege Management
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of AMS Device Manager, an Asset Management System, are affe
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-10-01
Published