VDB
CVE-2018-1002208
CVE-2018-1002208
PUBLISHED
CVSS 4.400000095367432 MEDIUM
A vulnerability exists in the SharpZip.dll included in the product versions listed above. An attacker could exploit vulnerability by providing a specially crafted message to the system node, causing insertion, and running of arbitrary code.
EPSS 0.79% · 74.3th percentile
Risk Scores
CVSS 3.1
4.400000095367432
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C
EPSS Score
0.79%
74.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | ABB Protection and Control IED manager PCM600 >=1.5|<=2.13 |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-DOTNET-SHARPZIPLIB-60247 (nist-nvd)
- CIRCL seen: CVE-2018-1002208 (circl-sighting)
- https://snyk.io/research/zip-slip-vulnerability (circl)
- https://github.com/icsharpcode/SharpZipLib/issues/232 (circl)
- https://github.com/icsharpcode/SharpZipLib/wiki/Release-1.0 (circl)
- https://github.com/snyk/zip-slip-vulnerability (circl)
- briefSynthesizer.test.ts (github-poc)
- briefSynthesizer.test.ts (github-poc)
- briefSynthesizer.test.ts (github-poc)
- briefSynthesizer.test.ts (github-poc)
…and 4 more exploits
Timeline
- Jul 25, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://psirt.abb.com/csaf/2025/2nga002813.json advisory
- https://search.abb.com/library/Download.aspx?DocumentID=2NGA002813&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=1MRS758440&LanguageCode=en&DocumentPartId=ABB&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-1002208 advisory