Search
Find a vulnerability
Search criteria
6 vulnerabilities by kabona
VAR-201702-0303
Vulnerability from variot - Updated: 2025-04-20 23:13An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. An attacker could use this vulnerability to redirect a user to a malicious page. Kabona AB WDC is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0303",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webdatorcentral",
"scope": "eq",
"trust": 1.6,
"vendor": "kabona ab",
"version": null
},
{
"model": "webdatorcentral",
"scope": "lt",
"trust": 0.8,
"vendor": "kabona ab",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "lt",
"trust": 0.6,
"vendor": "kabona",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "eq",
"trust": 0.3,
"vendor": "kabona",
"version": "0"
},
{
"model": "ab wdc",
"scope": "ne",
"trust": 0.3,
"vendor": "kabona",
"version": "3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webdatorcentral",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kabona_ab:webdatorcentral",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Jartelius and John Stock of Outpost 24.",
"sources": [
{
"db": "BID",
"id": "93547"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8356",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-09863",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-8356",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8356",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-8356",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-09863",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-458",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. An attacker could use this vulnerability to redirect a user to a malicious page. Kabona AB WDC is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8356"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8356",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-07",
"trust": 2.7
},
{
"db": "BID",
"id": "93547",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-09863",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D2DDE9B-E7CE-41A6-BDDD-F573AB4C0E04",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"id": "VAR-201702-0303",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
}
]
},
"last_update_date": "2025-04-20T23:13:22.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u0027WDC\u0027 (WebDatorCentral)",
"trust": 0.8,
"url": "http://www.kabona.com/building-automation/wdc/"
},
{
"title": "Kabona AB WDC Open Redirection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82890"
},
{
"title": "Kabona AB WDC Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64829"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-07"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/93547"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8356"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8356"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/93547/discuss"
},
{
"trust": 0.3,
"url": "http://www.kabona.com/building-automation/wdc/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"date": "2017-02-13T21:59:00.893000",
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09863"
},
{
"date": "2016-10-26T09:08:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007583"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-458"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8356"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kabona AB WDC Open redirection vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d2dde9b-e7ce-41a6-bddd-f573ab4c0e04"
},
{
"db": "CNVD",
"id": "CNVD-2016-09863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-458"
}
],
"trust": 0.6
}
}
VAR-201702-0296
Vulnerability from variot - Updated: 2025-04-20 23:13An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. Kabona AB WDC is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0296",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webdatorcentral",
"scope": "eq",
"trust": 1.6,
"vendor": "kabona ab",
"version": null
},
{
"model": "webdatorcentral",
"scope": "lt",
"trust": 0.8,
"vendor": "kabona ab",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "lt",
"trust": 0.6,
"vendor": "kabona",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "eq",
"trust": 0.3,
"vendor": "kabona",
"version": "0"
},
{
"model": "ab wdc",
"scope": "ne",
"trust": 0.3,
"vendor": "kabona",
"version": "3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webdatorcentral",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kabona_ab:webdatorcentral",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Jartelius and John Stock of Outpost 24.",
"sources": [
{
"db": "BID",
"id": "93547"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8347",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8347",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-09846",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8347",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8347",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-8347",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-09846",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-460",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. Kabona AB WDC is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8347"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8347",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-07",
"trust": 2.7
},
{
"db": "BID",
"id": "93547",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-09846",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829",
"trust": 0.8
},
{
"db": "IVD",
"id": "D8D77204-4F3B-4A4D-8F8F-CECD7E82EC8B",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"id": "VAR-201702-0296",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
}
]
},
"last_update_date": "2025-04-20T23:13:22.844000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WebDatorCentral (WDC)",
"trust": 0.8,
"url": "http://www.kabona.com/building-automation/wdc/"
},
{
"title": "Kabona AB WDC brute force vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82887"
},
{
"title": "Kabona AB WDC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64831"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-07"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/93547"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8347"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8347"
},
{
"trust": 0.3,
"url": "http://www.kabona.com/building-automation/wdc/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "IVD",
"id": "d8d77204-4f3b-4a4d-8f8f-cecd7e82ec8b"
},
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"date": "2017-02-13T21:59:00.673000",
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09846"
},
{
"date": "2016-10-26T09:08:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007829"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-460"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kabona AB WebDatorCentral Vulnerabilities that allow brute force methods in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007829"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-460"
}
],
"trust": 0.6
}
}
VAR-201711-0006
Vulnerability from variot - Updated: 2025-04-20 23:13A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. Kabona AB WebDatorCentral (WDC) Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kabona AB WebDatorCentral (WDC) is a web-based SCADA system from Kabona AB, Sweden. An attacker could exploit the vulnerability to obtain information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webdatorcentral",
"scope": "lt",
"trust": 1.0,
"vendor": "kabona",
"version": "3.4.0"
},
{
"model": "webdatorcentral",
"scope": "lt",
"trust": 0.8,
"vendor": "kabona ab",
"version": "3.4.0"
},
{
"model": "ab webdatorcentral",
"scope": "lt",
"trust": 0.6,
"vendor": "kabona",
"version": "3.4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webdatorcentral",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kabona_ab:webdatorcentral",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
}
]
},
"cve": "CVE-2016-0872",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0872",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-35245",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0872",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0872",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-0872",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-35245",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-242",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext. Kabona AB WebDatorCentral (WDC) Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kabona AB WebDatorCentral (WDC) is a web-based SCADA system from Kabona AB, Sweden. An attacker could exploit the vulnerability to obtain information",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0872"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0872",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-07",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2017-35245",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2DEBDAE-39AB-11E9-B1BA-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"id": "VAR-201711-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
}
]
},
"last_update_date": "2025-04-20T23:13:19.291000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WebDatorCentral (WDC)",
"trust": 0.8,
"url": "http://www.kabona.com/building-automation/wdc/"
},
{
"title": "Kabona AB WebDatorCentral password plaintext storage vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/107043"
},
{
"title": "Kabona AB WebDatorCentral Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76184"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-07"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0872"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0872"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-28T00:00:00",
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"date": "2017-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"date": "2017-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"date": "2017-11-07T21:29:00.260000",
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35245"
},
{
"date": "2017-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008862"
},
{
"date": "2017-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-242"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-0872"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kabona AB WebDatorCentral Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008862"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Trust management",
"sources": [
{
"db": "IVD",
"id": "e2debdae-39ab-11e9-b1ba-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-242"
}
],
"trust": 0.8
}
}
VAR-201702-0081
Vulnerability from variot - Updated: 2025-04-20 23:13An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. An attacker could use this vulnerability to redirect a user to a malicious page. Kabona AB WDC is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webdatorcentral",
"scope": "eq",
"trust": 1.6,
"vendor": "kabona ab",
"version": null
},
{
"model": "webdatorcentral",
"scope": "lt",
"trust": 0.8,
"vendor": "kabona ab",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "lt",
"trust": 0.6,
"vendor": "kabona",
"version": "3.4.0"
},
{
"model": "ab wdc",
"scope": "eq",
"trust": 0.3,
"vendor": "kabona",
"version": "0"
},
{
"model": "ab wdc",
"scope": "ne",
"trust": 0.3,
"vendor": "kabona",
"version": "3.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "webdatorcentral",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:kabona_ab:webdatorcentral",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Martin Jartelius and John Stock of Outpost 24.",
"sources": [
{
"db": "BID",
"id": "93547"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8376",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-8376",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-09845",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2016-8376",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8376",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-8376",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-09845",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-459",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. Kabona AB WDC is a web-based SCADA system from Kabona AB, Sweden. An attacker could use this vulnerability to redirect a user to a malicious page. Kabona AB WDC is prone to multiple security vulnerabilities. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, this may allow the attacker to steal cookie-based authentication credentials and to launch other attacks or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site and to bypass the authentication mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8376"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8376",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-287-07",
"trust": 2.7
},
{
"db": "BID",
"id": "93547",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-09845",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584",
"trust": 0.8
},
{
"db": "IVD",
"id": "35821FAA-74B5-4B9B-8A1E-D05E8A517632",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"id": "VAR-201702-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
}
]
},
"last_update_date": "2025-04-20T23:13:19.256000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u0027WDC\u0027 (WebDatorCentral)",
"trust": 0.8,
"url": "http://www.kabona.com/building-automation/wdc/"
},
{
"title": "Patch for Kabona AB WDC Open Redirection Vulnerability (CNVD-2016-09845)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/82889"
},
{
"title": "Kabona AB WDC Fixes for open redirect vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64830"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-287-07"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/93547"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8376"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8376"
},
{
"trust": 0.3,
"url": "http://www.kabona.com/building-automation/wdc/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"db": "BID",
"id": "93547"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"date": "2016-10-13T00:00:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"date": "2017-02-13T21:59:01.313000",
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09845"
},
{
"date": "2016-10-26T09:08:00",
"db": "BID",
"id": "93547"
},
{
"date": "2017-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007584"
},
{
"date": "2016-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-459"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-8376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kabona AB WebDatorCentral (WDC) Application vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007584"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "35821faa-74b5-4b9b-8a1e-d05e8a517632"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-459"
}
],
"trust": 0.8
}
}
CVE-2016-0872 (GCVE-0-2016-0872)
Vulnerability from nvd – Published: 2017-11-07 21:00 – Updated: 2024-08-05 22:30
VLAI
Summary
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07 | x_refsource_MISC |
Date Public
2017-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-07T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0872",
"datePublished": "2017-11-07T21:00:00.000Z",
"dateReserved": "2015-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:05.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-0872 (GCVE-0-2016-0872)
Vulnerability from cvelistv5 – Published: 2017-11-07 21:00 – Updated: 2024-08-05 22:30
VLAI
Summary
A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07 | x_refsource_MISC |
Date Public
2017-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:30:05.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-07T20:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2016-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Plaintext Storage of a Password issue was discovered in Kabona AB WebDatorCentral (WDC) versions prior to Version 3.4.0. WDC stores password credentials in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2016-0872",
"datePublished": "2017-11-07T21:00:00.000Z",
"dateReserved": "2015-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:30:05.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}