Search
Find a vulnerability
Search criteria
3 vulnerabilities found for PCS-XC1 by Sony Corporation
CVE-2016-7830 (GCVE-0-2016-7830)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.co.uk/pro/support/attachment/123… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN42070907/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | PCS-XG100 |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG100S |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG100C |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77 |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77S |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77C |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XC1 |
Affected:
firmware version prior to Ver.1.22
|
Date Public
2016-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCS-XG100",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG100S",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG100C",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77S",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77C",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XC1",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version prior to Ver.1.22"
}
]
}
],
"datePublic": "2016-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCS-XG100",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG100S",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG100C",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77S",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77C",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XC1",
"version": {
"version_data": [
{
"version_value": "firmware version prior to Ver.1.22"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
"refsource": "CONFIRM",
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7830",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7830 (GCVE-0-2016-7830)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.sony.co.uk/pro/support/attachment/123… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN42070907/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sony Corporation | PCS-XG100 |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG100S |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG100C |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77 |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77S |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XG77C |
Affected:
firmware versions prior to Ver.1.51
|
|
| Sony Corporation | PCS-XC1 |
Affected:
firmware version prior to Ver.1.22
|
Date Public
2016-12-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PCS-XG100",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG100S",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG100C",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77S",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XG77C",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware versions prior to Ver.1.51"
}
]
},
{
"product": "PCS-XC1",
"vendor": "Sony Corporation",
"versions": [
{
"status": "affected",
"version": "firmware version prior to Ver.1.22"
}
]
}
],
"datePublic": "2016-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PCS-XG100",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG100S",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG100C",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77S",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XG77C",
"version": {
"version_data": [
{
"version_value": "firmware versions prior to Ver.1.51"
}
]
}
},
{
"product_name": "PCS-XC1",
"version": {
"version_data": [
{
"version_value": "firmware version prior to Ver.1.22"
}
]
}
}
]
},
"vendor_name": "Sony Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
"refsource": "CONFIRM",
"url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
},
{
"name": "JVN#42070907",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN42070907/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7830",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2016-000246
Vulnerability from jvndb - Published: 2016-12-16 14:11 - Updated:2018-01-17 14:03
Severity
Summary
Mutiple SONY Videoconference Systems do not properly perform authentication
Details
Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306).
This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges.
telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
"dc:date": "2018-01-17T14:03+09:00",
"dcterms:issued": "2016-12-16T14:11+09:00",
"dcterms:modified": "2018-01-17T14:03+09:00",
"description": "Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306).\r\nThis user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges.\r\n\r\ntelnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
"sec:cpe": [
{
"#text": "cpe:/h:sony:pcs-xc1",
"@product": "PCS-XC1",
"@vendor": "Sony Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:sony:pcs-xg100",
"@product": "PCS-XG100",
"@vendor": "Sony Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:sony:pcs-xg100s",
"@product": "PCS-XG100S",
"@vendor": "Sony Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:sony:pcs-xg77",
"@product": "PCS-XG77",
"@vendor": "Sony Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/h:sony:pcs-xg77s",
"@product": "PCS-XG77S",
"@vendor": "Sony Corporation",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "2.9",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000246",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN42070907/index.html",
"@id": "JVN#42070907",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830",
"@id": "CVE-2016-7830",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830",
"@id": "CVE-2016-7830",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "Mutiple SONY Videoconference Systems do not properly perform authentication"
}