CVE-2018-20505
PUBLISHED
CVSS 7.5 HIGH
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
EPSS 8.95% · 92.8th percentile
Risk Scores
CVSS 3.0
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
EPSS Score
8.95%
92.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | B&R Industrial Automation GmbH Automation Studio | <6.5 |
| ABB | ABB B&R Automation Studio | <6.5 |
| ABB | ABB Ability Camera Connect | <=2.0.0.42 |
Exploit Intelligence
- https://sqlite.org/src/info/1a84668dcfdebaf12415d (nist-nvd)
- CIRCL seen: CVE-2018-20505 (circl-sighting)
- https://seclists.org/bugtraq/2019/Jan/31 (circl)
- https://seclists.org/bugtraq/2019/Jan/39 (circl)
- http://seclists.org/fulldisclosure/2019/Jan/67 (circl)
- http://seclists.org/fulldisclosure/2019/Jan/68 (circl)
- http://seclists.org/fulldisclosure/2019/Jan/69 (circl)
- http://www.securityfocus.com/bid/106698 (circl)
- https://seclists.org/bugtraq/2019/Jan/28 (circl)
- https://seclists.org/bugtraq/2019/Jan/29 (circl)
…and 13 more exploits
Timeline
- Dec 21, 2018 CVE Published
- Jan 28, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- https://psirt.abb.com/csaf/2026/sa25p007.json (advisory)
- https://www.br-automation.com/fileadmin/SA25P007-097a386d.pdf (advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2018-20505 (advisory)
- https://psirt.abb.com/csaf/2026/4hzm000604.json (advisory)
- https://search.abb.com/library/Download.aspx?DocumentID=4HZM000604&LanguageCode=en&DocumentPartId=PDF&Action=Launch (advisory)