Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for PCS-XG77 by Sony Corporation

    CVE-2016-7830 (GCVE-0-2016-7830)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Authentication bypass
    Assigner
    References
    URL Tags
    https://www.sony.co.uk/pro/support/attachment/123… x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN42070907/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Corporation PCS-XG100 Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG100S Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG100C Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77 Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77S Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77C Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XC1 Affected: firmware version prior to Ver.1.22
    Create a notification for this product.
    Date Public
    2016-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
              },
              {
                "name": "JVN#42070907",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PCS-XG100",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG100S",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG100C",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77S",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77C",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XC1",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to Ver.1.22"
                }
              ]
            }
          ],
          "datePublic": "2016-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PCS-XG100",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG100S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG100C",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77C",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XC1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to Ver.1.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
                },
                {
                  "name": "JVN#42070907",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7830",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7830 (GCVE-0-2016-7830)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Authentication bypass
    Assigner
    References
    URL Tags
    https://www.sony.co.uk/pro/support/attachment/123… x_refsource_CONFIRM
    https://jvn.jp/en/jp/JVN42070907/index.html third-party-advisoryx_refsource_JVN
    Impacted products
    Vendor Product Version
    Sony Corporation PCS-XG100 Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG100S Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG100C Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77 Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77S Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XG77C Affected: firmware versions prior to Ver.1.51
    Create a notification for this product.
    Sony Corporation PCS-XC1 Affected: firmware version prior to Ver.1.22
    Create a notification for this product.
    Date Public
    2016-12-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
              },
              {
                "name": "JVN#42070907",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PCS-XG100",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG100S",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG100C",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77S",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XG77C",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions prior to Ver.1.51"
                }
              ]
            },
            {
              "product": "PCS-XC1",
              "vendor": "Sony Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware version prior to Ver.1.22"
                }
              ]
            }
          ],
          "datePublic": "2016-12-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authentication bypass",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-09T15:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
            },
            {
              "name": "JVN#42070907",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7830",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PCS-XG100",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG100S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG100C",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77S",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XG77C",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware versions prior to Ver.1.51"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "PCS-XC1",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware version prior to Ver.1.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Sony Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authentication bypass"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://www.sony.co.uk/pro/support/attachment/1237494431832/1237494431864/videoconferencesecurityenhancement-v3.pdf"
                },
                {
                  "name": "JVN#42070907",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN42070907/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7830",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2016-000246

    Vulnerability from jvndb - Published: 2016-12-16 14:11 - Updated:2018-01-17 14:03
    Severity
    Summary
    Mutiple SONY Videoconference Systems do not properly perform authentication
    Details
    Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306). This user account has a privilege to view some of the system configuration files. As a result, the device may be manipulated by an attacker with administrative privileges. telnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default. When this functionality is enabled, a user in the same subnetwork can login to the device.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
      "dc:date": "2018-01-17T14:03+09:00",
      "dcterms:issued": "2016-12-16T14:11+09:00",
      "dcterms:modified": "2018-01-17T14:03+09:00",
      "description": "Multiple SONY Videoconference Systems have a default user account which does not require authentication to login to a device (CWE-306).\r\nThis user account has a privilege to view some of the system configuration files.  As a result, the device may be manipulated by an attacker with administrative privileges.\r\n\r\ntelnet/ssl functionality is implemented based on the specifications in the device, and it is disabled by default.  When this functionality is enabled, a user in the same subnetwork can login to the device.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000246.html",
      "sec:cpe": [
        {
          "#text": "cpe:/h:sony:pcs-xc1",
          "@product": "PCS-XC1",
          "@vendor": "Sony Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:sony:pcs-xg100",
          "@product": "PCS-XG100",
          "@vendor": "Sony Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:sony:pcs-xg100s",
          "@product": "PCS-XG100S",
          "@vendor": "Sony Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:sony:pcs-xg77",
          "@product": "PCS-XG77",
          "@vendor": "Sony Corporation",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/h:sony:pcs-xg77s",
          "@product": "PCS-XG77S",
          "@vendor": "Sony Corporation",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "2.9",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000246",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN42070907/index.html",
          "@id": "JVN#42070907",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7830",
          "@id": "CVE-2016-7830",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7830",
          "@id": "CVE-2016-7830",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "Mutiple SONY Videoconference Systems do not properly perform authentication"
    }