How severe is CVE-2018-13799?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2018-13799?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2018-13799

CRITICAL Year: 2018

CVSS v3 Score

9.1

Critical

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-269

View all →

Vulnerability Description

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

CVE-2017-5142

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the par...

CWE-2692017

CVE-2018-1000141

CRITICAL

CVSS:9.1(Critical)

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to proje...

CWE-2692018

CVE-2020-9141

CRITICAL

CVSS:9.1(Critical)

There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient ve...

CWE-2692020

CVE-2021-39982

CRITICAL

CVSS:9.1(Critical)

Phone Manager application has a Improper Privilege Management vulnerability.Successful exploitation of this vulnerability may read and write arbitrary files by tampering with Phone Manager notificatio...

CWE-2692021

CVE-2022-35243

CRITICAL

CVSS:9.1(Critical)

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role...

CWE-2692022

CVE-2024-22036

CRITICAL

CVSS:9.1(Critical)

A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments...

CWE-2692024

CVE-2018-13799

Vulnerability Description

Related Vulnerabilities

CVE-2017-5142

CVE-2018-1000141

CVE-2020-9141

CVE-2021-39982

CVE-2022-35243

CVE-2024-22036