Search
Find a vulnerability
Search criteria
8 vulnerabilities found for gecko_lite_managed_switch_firmware by belden_hirschmann
CVE-2017-6040 (GCVE-0-2017-6040)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6040",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6038 (GCVE-0-2017-6038)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6038",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6036 (GCVE-0-2017-6036)
Vulnerability from nvd – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6036",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5163 (GCVE-0-2017-5163)
Vulnerability from nvd – Published: 2017-02-13 21:00 – Updated: 2024-08-05 14:55
VLAI
Summary
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
Severity
No CVSS data available.
CWE
- Belden Hirschmann GECKO path traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95815 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO 2.0.00 and prior |
Affected:
Belden Hirschmann GECKO 2.0.00 and prior
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO 2.0.00 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Belden Hirschmann GECKO path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "95815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO 2.0.00 and prior",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Belden Hirschmann GECKO path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95815"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5163",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2017-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6038 (GCVE-0-2017-6038)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6038",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6040 (GCVE-0-2017-6040)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6040",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6036 (GCVE-0-2017-6036)
Vulnerability from cvelistv5 – Published: 2017-06-30 02:35 – Updated: 2024-08-05 15:18
VLAI
Summary
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO |
Affected:
Belden Hirschmann GECKO
|
Date Public
2017-06-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO"
}
]
}
],
"datePublic": "2017-06-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T02:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6036",
"datePublished": "2017-06-30T02:35:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5163 (GCVE-0-2017-5163)
Vulnerability from cvelistv5 – Published: 2017-02-13 21:00 – Updated: 2024-08-05 14:55
VLAI
Summary
An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal.
Severity
No CVSS data available.
CWE
- Belden Hirschmann GECKO path traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95815 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Belden Hirschmann GECKO 2.0.00 and prior |
Affected:
Belden Hirschmann GECKO 2.0.00 and prior
|
Date Public
2017-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "95815",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Belden Hirschmann GECKO 2.0.00 and prior",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
],
"datePublic": "2017-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Belden Hirschmann GECKO path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-14T10:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "95815",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-5163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Belden Hirschmann GECKO 2.0.00 and prior",
"version": {
"version_data": [
{
"version_value": "Belden Hirschmann GECKO 2.0.00 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Belden Hirschmann GECKO path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95815"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-5163",
"datePublished": "2017-02-13T21:00:00.000Z",
"dateReserved": "2017-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}