Command Injection Vulnerability in Vecna VGo Robot by Vecna Technologies
CVE-2018-8866

8.8HIGH

Key Information:

Vendor: Ics-cert
Status: Vgo Robot
Vendor: CVE Published:; 9 May 2018

What is CVE-2018-8866?

A command injection vulnerability exists in Vecna VGo Robot prior to version 3.0.3.52164, allowing attackers on the same network to execute arbitrary commands. This weakness enables potential attackers to manipulate the robot's operation, posing risks to security and operational integrity. Proper security measures should be applied to mitigate this threat.

Affected Version(s)

VGo Robot All versions prior to 3.0.3.52164

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01

x_refsource_MISC

http://www.securityfocus.com/bid/103966

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2018
Vulnerability Reserved
Mar 20, 2018

CVE-2018-8866 Data

JSON

Ics-cert

What is CVE-2018-8866?

Affected Version(s)

References

CVSS V3.1

Timeline