| CVE ID | CVE-2018-17921 |
| CVSS SCORE | 7.5, AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
SAGA |
| AFFECTED PRODUCTS |
SAGA1-L8B |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of communication between the transmitter and receiver. By sending a crafted re-pairing packet an attacker can force a receiver to pair with a new transmitter without user interaction. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. |
| ADDITIONAL DETAILS |
SAGA has issued an update to correct this vulnerability. More details can be found at:
https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi |
