CVE-2018-14804

9.8 CRITICAL

📋 TL;DR

CVE-2018-14804 is a critical vulnerability in Emerson AMS Device Manager that allows remote attackers to execute arbitrary code by running specially crafted scripts. This affects industrial control systems using Emerson AMS Device Manager versions 12.0 through 13.5, potentially compromising critical infrastructure operations.

💻 Affected Systems

Products:
  • Emerson AMS Device Manager
Versions: 12.0 to 13.5
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations within the vulnerable version range; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to take full control of the AMS Device Manager server, manipulate industrial processes, steal sensitive operational data, and pivot to other industrial control systems.

🟠 Likely Case

Remote code execution leading to data theft, system manipulation, and disruption of industrial operations.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing exploitation attempts.

🌐 Internet-Facing: HIGH - Directly exploitable over network without authentication, making internet-facing systems extremely vulnerable.
🏢 Internal Only: HIGH - Even internally, this vulnerability can be exploited by attackers who gain network access through other means.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access but no authentication, making it relatively easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 13.5.1 and later

Vendor Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01

Restart Required: Yes

Instructions:

1. Download Emerson AMS Device Manager version 13.5.1 or later from the Emerson support portal.
2. Back up the current configuration and data.
3. Install the updated version following Emerson's installation guide.
4. Restart the system to apply changes.

🔧 Temporary Workarounds

Network Segmentation

Isolate AMS Device Manager systems from untrusted networks and restrict access to authorized IP addresses only.

Firewall Rules

Implement strict firewall rules to block unnecessary inbound connections to AMS Device Manager ports.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems from production networks
  • Deploy intrusion detection systems to monitor for exploitation attempts and anomalous behavior

🔍 How to Verify

Check if Vulnerable:

Check the AMS Device Manager version in the application interface or in Windows Programs and Features. If the version is between 12.0 and 13.5 inclusive, the system is vulnerable.

Check Version:

Check via Windows Control Panel > Programs and Features or the AMS Device Manager application interface

Verify Fix Applied:

Verify that AMS Device Manager version is 13.5.1 or later and test that script execution is properly restricted.
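
The Programs and Features check above can be scripted; the following PowerShell is an added example, not code from Emerson or the advisory. The `*AMS Device Manager*` display-name pattern is an assumption, as is that the registry `DisplayVersion` tracks the product version used on this page, so confirm both against a known install.

```powershell
# Added example: classify AMS Device Manager installs against the range on this page
# (affected 12.0 to 13.5, fixed in 13.5.1 and later).
# ASSUMPTION: the Programs and Features entry contains this text.
$NamePattern   = '*AMS Device Manager*'
$FirstAffected = [version]'12.0'
$FirstFixed    = [version]'13.5.1'

function Get-AmsExposure {
    param([string]$DisplayVersion)
    $v = $null
    # [version] needs at least major.minor; anything else is left for manual review.
    if (-not [version]::TryParse($DisplayVersion, [ref]$v)) { return 'Unknown' }
    if ($v -ge $FirstFixed)    { return 'Fixed' }
    if ($v -ge $FirstAffected) { return 'Vulnerable' }   # includes 13.5 and 13.5.0.x builds
    return 'OutOfRange'                                  # older than 12.0: not covered here
}

# Programs and Features is populated from these keys (64-bit and 32-bit views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $NamePattern } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = Get-AmsExposure -DisplayVersion $_.DisplayVersion
        }
    }

if ($found) { $found | Format-Table -AutoSize }
else { Write-Output "No entry matching '$NamePattern' found on $env:COMPUTERNAME" }
```

A status of `Unknown` or `OutOfRange` means the version should be read from the application interface instead.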

📡 Detection & Monitoring

Log Indicators:

  • Unusual script execution events
  • Unexpected process creation from AMS Device Manager
  • Failed authentication attempts followed by script execution

Network Indicators:

  • Unusual network connections from AMS Device Manager server
  • Traffic patterns indicating script injection attempts

SIEM Query:

source="ams_device_manager" AND (event_type="script_execution" OR process_name="powershell" OR process_name="cmd")
