Vulnerability Details : CVE-2018-14825
On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents.
Products affected by CVE-2018-14825
- cpe:2.3:h:honeywell:cn80:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:ct40:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:ct60:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:eda50:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:eda50k:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:eda60k:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:eda70:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:ck75:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:cn51:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:cn75:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:cn75e:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:d75e:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:ct50:-:*:*:*:*:*:*:*
- cpe:2.3:h:honeywell:eda51:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14825
- 0.10%: Probability of exploitation activity in the next 30 days
- ~ 40%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14825
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
5.8 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H | 1.0 | 4.7 | NIST | |
CWE ids for CVE-2018-14825
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: ics-cert@hq.dhs.gov (Secondary)
- The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14825
- https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01
  Honeywell Mobile Computers with Android Operating Systems | CISA (Third Party Advisory; US Government Resource)
- http://www.securityfocus.com/bid/105767
  PEPPERL+FUCHS CT50-Ex CVE-2016-9345 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://cert.vde.com/de-de/advisories/vde-2018-016
  PEPPERL+FUCHS ecom Mobile devices prone to Android privilege elevation vulnerability — German (Germany) (Third Party Advisory)