Search

Find a vulnerability

Search criteria

    7 vulnerabilities found for OZW772 by Siemens

    VAR-202505-1588

    Vulnerability from variot - Updated: 2025-10-12 22:21

    A vulnerability has been identified in OZW672 (All versions < V6.0), OZW772 (All versions < V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as Administrator user. Siemens' OZW672 firmware and OZW772 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions.

    Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1588",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "siemens",
            "version": "6.0"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "6.0"
          },
          {
            "model": "ozw772",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "8.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "cve": "CVE-2025-26390",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-10580",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "productcert@siemens.com",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-26390",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2025-015585",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "productcert@siemens.com",
                "id": "CVE-2025-26390",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2025-015585",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10580",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in OZW672 (All versions \u003c V6.0), OZW772 (All versions \u003c V6.0). The web service of affected devices is vulnerable to SQL injection when checking authentication data. This could allow an unauthenticated remote attacker to bypass the check and authenticate as\r\nAdministrator user. Siemens\u0027 OZW672 firmware and OZW772 The firmware has SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. \n\nSiemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-26390",
            "trust": 3.2
          },
          {
            "db": "SIEMENS",
            "id": "SSA-047424",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-135-10",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92528757",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "id": "VAR-202505-1588",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          }
        ],
        "trust": 1.225
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          }
        ]
      },
      "last_update_date": "2025-10-12T22:21:35.824000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.0
          },
          {
            "problemtype": "SQL injection (CWE-89) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-047424.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92528757/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-26390"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "date": "2025-10-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "date": "2025-05-13T10:15:23.703000",
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10580"
          },
          {
            "date": "2025-10-09T08:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          },
          {
            "date": "2025-10-03T20:46:58.210000",
            "db": "NVD",
            "id": "CVE-2025-26390"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 in the firmware \u00a0SQL\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015585"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202505-1587

    Vulnerability from variot - Updated: 2025-10-12 20:56

    A vulnerability has been identified in OZW672 (All versions < V8.0), OZW772 (All versions < V8.0). The web service in affected devices does not sanitize the input parameters required for the exportDiagramPage endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens' OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions.

    Siemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202505-1587",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "8.0"
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "8.0"
          },
          {
            "model": "ozw772",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "5.2"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v8.0"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v6.0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "cve": "CVE-2025-26389",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2025-10579",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "productcert@siemens.com",
                "availabilityImpact": "HIGH",
                "baseScore": 10.0,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-26389",
                "impactScore": 6.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2025-26389",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2025-26389",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "productcert@siemens.com",
                "id": "CVE-2025-26389",
                "trust": 1.0,
                "value": "Critical"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2025-26389",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2025-26389",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2025-10579",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in OZW672 (All versions \u003c V8.0), OZW772 (All versions \u003c V8.0). The web service in affected devices does not sanitize the input parameters required for the `exportDiagramPage` endpoint. This could allow an unauthenticated remote attacker to execute arbitrary code with root privileges. Siemens\u0027 OZW672 firmware and OZW772 The firmware has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. OZW devices (web servers) are used to remotely monitor building controller devices, for example for monitoring heating controls or air conditioning conditions. \n\nSiemens OZW672 and OZW772 web servers have code execution and SQL injection vulnerabilities that can be exploited by an attacker to execute arbitrary code on the device with root privileges (in versions prior to V8.0) or authenticate as an administrator user (in versions prior to V6.0)",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2025-26389",
            "trust": 3.2
          },
          {
            "db": "SIEMENS",
            "id": "SSA-047424",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-25-135-10",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU92528757",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "id": "VAR-202505-1587",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          }
        ],
        "trust": 1.225
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          }
        ]
      },
      "last_update_date": "2025-10-12T20:56:44.694000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-047424.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92528757/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2025-26389"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-135-10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "date": "2025-10-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "date": "2025-05-13T10:15:23.513000",
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-05-23T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2025-10579"
          },
          {
            "date": "2025-10-10T08:41:00",
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          },
          {
            "date": "2025-10-06T10:34:26.037000",
            "db": "NVD",
            "id": "CVE-2025-26389"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2025-015796"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-201708-1510

    Vulnerability from variot - Updated: 2025-04-20 23:15

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. Siemens OZW672 and OZW772 Contains a cryptographic vulnerability.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There is a man-in-the-middle attack vulnerability in Siemens OZW672 and OZW772. Multiple Siemens OZW672 and OZW772 are prone to multiple authentication-bypass vulnerabilities. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1510",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 2.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": null,
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw772",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw672",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stefan Viehb\u00f6ck from SEC Consult.",
        "sources": [
          {
            "db": "BID",
            "id": "99473"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6873",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2017-6873",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "CNVD-2017-12866",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.2,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-115076",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2017-6873",
                "impactScore": 5.2,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6873",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6873",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-12866",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-624",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1",
                "trust": 0.2,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-115076",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-6873",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack on the integrated web server on port 443/tcp. Siemens OZW672 and OZW772 Contains a cryptographic vulnerability.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There is a man-in-the-middle attack vulnerability in Siemens OZW672 and OZW772. Multiple Siemens OZW672 and OZW772  are prone to multiple authentication-bypass vulnerabilities. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873"
          }
        ],
        "trust": 2.79
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6873",
            "trust": 3.7
          },
          {
            "db": "SIEMENS",
            "id": "SSA-563539",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "99473",
            "trust": 2.1
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-187-01",
            "trust": 1.2
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "B6AAB7B7-CD78-4139-9B22-D94F00E179D1",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "id": "VAR-201708-1510",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          }
        ],
        "trust": 1.525
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:15:59.149000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-563539",
            "trust": 0.8,
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
          },
          {
            "title": "Patch for Siemens OZW672 and OZW772 man-in-the-middle attack vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/97345"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-310",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
          },
          {
            "trust": 1.9,
            "url": "http://www.securityfocus.com/bid/99473"
          },
          {
            "trust": 1.2,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-01"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6873"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6873"
          },
          {
            "trust": 0.3,
            "url": "http://subscriber.communications.siemens.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "IVD",
            "id": "b6aab7b7-cd78-4139-9b22-d94f00e179d1"
          },
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "BID",
            "id": "99473"
          },
          {
            "date": "2017-09-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "date": "2017-08-08T00:29:00.320000",
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12866"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115076"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-6873"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "BID",
            "id": "99473"
          },
          {
            "date": "2017-09-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6873"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens OZW672 and  OZW772 Cryptographic vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006993"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "encryption problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-624"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-1509

    Vulnerability from variot - Updated: 2025-04-20 23:15

    A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. Siemens OZW672 and OZW772 Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There are data read and write vulnerabilities in Siemens OZW672 and OZW772. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. A security vulnerability exists in Siemens OZW672 and OZW772 devices

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-1509",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": null,
            "trust": 1.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 1.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "siemens",
            "version": "0"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw772",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw672",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Stefan Viehb\u00f6ck from SEC Consult.",
        "sources": [
          {
            "db": "BID",
            "id": "99473"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6872",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-6872",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-12867",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "7002627a-a56c-43fd-b57e-9336b0866e9e",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-115075",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-6872",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6872",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6872",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-12867",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201703-625",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "7002627a-a56c-43fd-b57e-9336b0866e9e",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-115075",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device. Siemens OZW672 and OZW772 Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. There are data read and write vulnerabilities in Siemens OZW672 and OZW772. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. A security vulnerability exists in Siemens OZW672 and OZW772 devices",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6872",
            "trust": 3.6
          },
          {
            "db": "SIEMENS",
            "id": "SSA-563539",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "99473",
            "trust": 2.0
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020",
            "trust": 0.8
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-187-01",
            "trust": 0.3
          },
          {
            "db": "IVD",
            "id": "7002627A-A56C-43FD-B57E-9336B0866E9E",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "id": "VAR-201708-1509",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          }
        ],
        "trust": 1.525
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:15:59.110000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-563539",
            "trust": 0.8,
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
          },
          {
            "title": "Patch for SiemensOZW672 and OZW772 data read and write vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/97346"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-668",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-306",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-563539.pdf"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/99473"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6872"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6872"
          },
          {
            "trust": 0.3,
            "url": "http://subscriber.communications.siemens.com/"
          },
          {
            "trust": 0.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-01"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "db": "BID",
            "id": "99473"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "IVD",
            "id": "7002627a-a56c-43fd-b57e-9336b0866e9e"
          },
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "BID",
            "id": "99473"
          },
          {
            "date": "2017-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "date": "2017-03-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "date": "2017-08-08T00:29:00.290000",
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-12867"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-115075"
          },
          {
            "date": "2017-07-06T00:00:00",
            "db": "BID",
            "id": "99473"
          },
          {
            "date": "2017-09-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6872"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens OZW672 and  OZW772 Vulnerabilities related to authorization, permissions, and access control",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-007020"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201703-625"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201601-0459

    Vulnerability from variot - Updated: 2025-04-13 23:26

    Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. A cross-site scripting vulnerability exists in the Siemens OZW672 and OZW772 devices. The vulnerability could be exploited by a remote attacker to change data and settings. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0459",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw772",
            "scope": null,
            "trust": 1.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 1.4,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.2"
          },
          {
            "model": "ozw672",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "5.2"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "siemens",
            "version": "6.00"
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "siemens",
            "version": "6.00"
          },
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "siemens",
            "version": null
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw672",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw772",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:siemens:ozw672",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:siemens:ozw772",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya Sood",
        "sources": [
          {
            "db": "BID",
            "id": "80915"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-1488",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2016-1488",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-00391",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "62b00c84-2351-11e6-abef-000c29c66e3d",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.9 [IVD]"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-90307",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-1488",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-1488",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-1488",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-00391",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201601-367",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "IVD",
                "id": "62b00c84-2351-11e6-abef-000c29c66e3d",
                "trust": 0.2,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-90307",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Both Siemens OZW672 and OZW772 are building controller products from Siemens AG. A cross-site scripting vulnerability exists in the Siemens OZW672 and OZW772 devices. The vulnerability could be exploited by a remote attacker to change data and settings. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected  site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "BID",
            "id": "80915"
          },
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          }
        ],
        "trust": 2.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1488",
            "trust": 3.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-16-019-01",
            "trust": 3.1
          },
          {
            "db": "SIEMENS",
            "id": "SSA-743465",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367",
            "trust": 0.9
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549",
            "trust": 0.8
          },
          {
            "db": "BID",
            "id": "80915",
            "trust": 0.4
          },
          {
            "db": "IVD",
            "id": "62B00C84-2351-11E6-ABEF-000C29C66E3D",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "db": "BID",
            "id": "80915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "id": "VAR-201601-0459",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          }
        ],
        "trust": 1.525
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:26:39.884000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-743465",
            "trust": 0.8,
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf"
          },
          {
            "title": "Patch for SiemensOZW672 and OZW772 cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/70337"
          },
          {
            "title": "Siemens OZW672  and OZW772 Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59685"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-019-01"
          },
          {
            "trust": 1.7,
            "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-743465.pdf"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1488"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1488"
          },
          {
            "trust": 0.3,
            "url": "http://subscriber.communications.siemens.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "db": "BID",
            "id": "80915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "db": "BID",
            "id": "80915"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-01-21T00:00:00",
            "db": "IVD",
            "id": "62b00c84-2351-11e6-abef-000c29c66e3d"
          },
          {
            "date": "2016-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "date": "2016-01-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "date": "2016-01-15T00:00:00",
            "db": "BID",
            "id": "80915"
          },
          {
            "date": "2016-03-02T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "date": "2016-01-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "date": "2016-01-30T12:59:03.103000",
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-01-21T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "date": "2016-03-04T00:00:00",
            "db": "VULHUB",
            "id": "VHN-90307"
          },
          {
            "date": "2016-02-11T07:36:00",
            "db": "BID",
            "id": "80915"
          },
          {
            "date": "2016-03-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-001549"
          },
          {
            "date": "2016-02-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-1488"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens OZW672 and OZW772 Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00391"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-367"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202411-0737

    Vulnerability from variot - Updated: 2024-11-28 20:10

    A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.

    This could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. Siemens' OZW672 firmware and OZW772 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OZW devices (web servers) are used to remotely monitor building controller devices, such as heating controls or air conditioning.

    Siemens OZW devices (web servers) have a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202411-0737",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "siemens",
            "version": "5.2"
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "siemens",
            "version": "5.2"
          },
          {
            "model": "ozw772",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          },
          {
            "model": "ozw672",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "cve": "CVE-2024-36140",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2024-45220",
                "impactScore": 6.9,
                "integrityImpact": "COMPLETE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.3,
                "id": "CVE-2024-36140",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "productcert@siemens.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.3,
                "id": "CVE-2024-36140",
                "impactScore": 4.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2024-36140",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-36140",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "productcert@siemens.com",
                "id": "CVE-2024-36140",
                "trust": 1.0,
                "value": "High"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-36140",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2024-45220",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in OZW672 (All versions \u003c V5.2), OZW772 (All versions \u003c V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks. \r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker. Siemens\u0027 OZW672 firmware and OZW772 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. OZW devices (web servers) are used to remotely monitor building controller devices, such as heating controls or air conditioning. \n\nSiemens OZW devices (web servers) have a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-36140",
            "trust": 3.2
          },
          {
            "db": "SIEMENS",
            "id": "SSA-230445",
            "trust": 2.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-24-319-03",
            "trust": 0.8
          },
          {
            "db": "JVN",
            "id": "JVNVU96191615",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "id": "VAR-202411-0737",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          }
        ],
        "trust": 1.225
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          }
        ]
      },
      "last_update_date": "2024-11-28T20:10:13.609000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Patch for Siemens OZW devices (web servers) cross-site scripting vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/617291"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.0
          },
          {
            "problemtype": "Cross-site scripting (CWE-79) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-230445.html"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu96191615/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-36140"
          },
          {
            "trust": 0.8,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-03"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "date": "2024-11-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "date": "2024-11-12T13:15:07.957000",
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-11-18T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2024-45220"
          },
          {
            "date": "2024-11-18T04:46:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          },
          {
            "date": "2024-11-15T22:53:26.063000",
            "db": "NVD",
            "id": "CVE-2024-36140"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Siemens\u0027 \u00a0OZW672\u00a0 firmware and \u00a0OZW772\u00a0 Cross-site scripting vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-012845"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202002-1475

    Vulnerability from variot - Updated: 2024-11-23 21:21

    A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. OZW672 and OZW772 Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Siemens OZW672 and OZW772 are the building controller products of Germany's Siemens

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202002-1475",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "10.00"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "siemens",
            "version": "10.00"
          },
          {
            "model": "ozw672",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "siemens",
            "version": "10.00"
          },
          {
            "model": "ozw772",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "siemens",
            "version": "10.00"
          },
          {
            "model": "ozw672",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v10.00"
          },
          {
            "model": "ozw772",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "siemens",
            "version": "v10.00"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw672",
            "version": "*"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "ozw772",
            "version": "*"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw672_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:siemens:ozw772_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          }
        ]
      },
      "cve": "CVE-2019-13941",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-13941",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014548",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2020-15262",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-13941",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2019-014548",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-13941",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "JVNDB-2019-014548",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-15262",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202002-454",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been identified in OZW672 (All versions \u003c V10.00), OZW772 (All versions \u003c V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application\u0027s export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system. OZW672 and OZW772 Contains vulnerabilities in externally accessible files or directories.Information may be obtained. Siemens OZW672 and OZW772 are the building controller products of Germany\u0027s Siemens",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-13941",
            "trust": 3.2
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-09",
            "trust": 3.0
          },
          {
            "db": "SIEMENS",
            "id": "SSA-986695",
            "trust": 1.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0486",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0486.3",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2020.0486.2",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-06",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-07",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-10",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-02",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-05",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-08",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-04",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-03",
            "trust": 0.6
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-20-042-01",
            "trust": 0.6
          },
          {
            "db": "IVD",
            "id": "9D70A0CB-14C2-49AD-8202-3AE7B396C3AD",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "id": "VAR-202002-1475",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          }
        ],
        "trust": 1.425
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:21:04.171000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "SSA-986695",
            "trust": 0.8,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
          },
          {
            "title": "Patch for Siemens OZW672 and OZW772 Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/206793"
          },
          {
            "title": "Siemens OZW672  and OZW772 Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110189"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-552",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
          },
          {
            "trust": 1.6,
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13941"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13941"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
          },
          {
            "trust": 0.6,
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-02-11T00:00:00",
            "db": "IVD",
            "id": "9d70a0cb-14c2-49ad-8202-3ae7b396c3ad"
          },
          {
            "date": "2020-03-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "date": "2020-02-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "date": "2020-02-11T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "date": "2020-02-11T16:15:14.897000",
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-03-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-15262"
          },
          {
            "date": "2020-03-26T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          },
          {
            "date": "2021-01-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          },
          {
            "date": "2024-11-21T04:25:44.447000",
            "db": "NVD",
            "id": "CVE-2019-13941"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OZW672 and  OZW772 Vulnerability in externally accessible files or directories in",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-014548"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202002-454"
          }
        ],
        "trust": 0.6
      }
    }